Re: Fwd: Any user can panic OpenBSD machine

From: Todd C. Miller (Todd.Millerat_private)
Date: Mon Jul 27 1998 - 13:59:55 PDT


    In message <xzphg0357ze.fsfat_private>
            so spake  (dag-erli):
    
    > /sys/kern/sys_generic.c:
    >                 if (uap->iovcnt > UIO_MAXIOV)
    >                         return (EINVAL);
    >
    > /sys/sys/uio.h:
    > #define UIO_MAXIOV      1024            /* max 1K of iov's */
    >
    > -1 is rejected with EINVAL because 4294967295 > 1024.
    >
    > BTW, FreeBSD is immune, too. As a matter of fact, the original BSD
    > version (SCCS ID "@(#)sys_generic.c 8.5 (Berkeley) 1/21/94") has the
    > check, so the OpenBSD folks must have f*d it up somewhere along the
    > way.
    >
    > DES (aka desat_private)
    > --
    > Dag-Erling Smørgrav - dag-erliat_private
    
    We are talking about uio_resid not uio_iovcnt.
    
     - todd
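The distinction drawn in the reply above, as an added example (not code from this thread or from the OpenBSD source): a bound on iovcnt limits how many iovec entries there are, not how many bytes they describe. It assumes uio_resid is the running total of the iov_len fields, modelled here as a signed long; iov_validate and the demo_* functions are hypothetical names.

```c
#include <errno.h>
#include <limits.h>
#include <sys/uio.h>

#ifndef UIO_MAXIOV
#define UIO_MAXIOV 1024 /* value quoted in the thread */
#endif

/* Hypothetical helper, not kernel code. Returns 0 and stores the total
 * length in *resid, or EINVAL. The residual is modelled as a signed long. */
int iov_validate(const struct iovec *iov, unsigned int iovcnt, long *resid)
{
    long total = 0;
    unsigned int i;
    /* Check 1: the count. A caller's -1 arrives as UINT_MAX and fails here. */
    if (iovcnt > UIO_MAXIOV)
        return EINVAL;
    /* Check 2: the residual. The running sum of iov_len must stay
     * representable in the signed type that holds it. */
    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > (size_t)(LONG_MAX - total))
            return EINVAL;
        total += (long)iov[i].iov_len;
    }
    *resid = total;
    return 0;
}

/* Constructed inputs; iov_base is left NULL because nothing is dereferenced. */
int demo_count_minus_one(void)
{
    struct iovec v = { .iov_len = 16 };
    long r;
    return iov_validate(&v, (unsigned int)-1, &r); /* stopped by check 1 */
}

int demo_huge_lengths(void)
{
    struct iovec v[2] = { { .iov_len = LONG_MAX }, { .iov_len = LONG_MAX } };
    long r;
    return iov_validate(v, 2, &r); /* passes check 1, stopped by check 2 */
}

long demo_ok_total(void)
{
    struct iovec v[2] = { { .iov_len = 100 }, { .iov_len = 28 } };
    long r = -1;
    return iov_validate(v, 2, &r) == 0 ? r : -1;
}
```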
    


