--so9zsI5B81VjUb/o Content-Type: multipart/mixed; boundary=9dgjiU4MmWPVapMU --9dgjiU4MmWPVapMU Content-Type: text/plain; charset=us-ascii On 1999-08-16 09:51:58 +0800, David Luyer wrote: > The tool mentioned in this has a couple of show-stopper bugs Yes, there is also a buffer overflow in job.c (See attached patch). I wonder how they could run this program for a month. Maybe they posted a bug-ridden version to make it a little bit more difficult for the script kiddies? hp -- _ | Peter J. Holzer | Nobody should ever have to be |_|_) | Sysadmin WSR / Obmann LUGA | ashamed if they have a secret love | | | hjpat_private | for writing computer programs that __/ | http://wsrx.wsr.ac.at/~hjp/ | actually work. -- Donald E. Knuth --9dgjiU4MmWPVapMU Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="bass-1.0.7.job.patch" diff -u orig/bass-1.0.7/job.c bass-1.0.7/job.c --- orig/bass-1.0.7/job.c Sun Aug 8 21:43:51 1999 +++ bass-1.0.7/job.c Sun Aug 15 16:51:59 1999 @@ -48,7 +48,7 @@ jobcontrol->alloc += slots + 64; jobcontrol->pids = (int *) xrealloc(jobcontrol->pids, jobcontrol->alloc * sizeof(int)); - for(i = jobcontrol->alloc-slots-64; i<jobcontrol->alloc+slots+64; i++) + for(i = jobcontrol->alloc-slots-64; i<jobcontrol->alloc; i++) jobcontrol->pids[i] = JOB_FREE_SLOT; } --9dgjiU4MmWPVapMU-- --so9zsI5B81VjUb/o Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQDQAwUBN7lU+FLjemazOuKpAQGBSwXTBjfvdqbkIikI3Tt8dSPi9Tc+SnTLpRFs NpfYG74rTztzUJ2KC5bBPGUxGDXB+u59eVYQ3vDIe4UVvuyVJkbk6FNSHoLAHg6t NidDXDcwko4vq7btDFI0xEMJWNR387sidVrjDQeCBjBc5R9MpMg/upRqOInYn4zT e2udkTlKOPKBzWtZ++XDzx2+GHNWT/L2G4PjyT+ixpmKOBLKcegv03h/9n9dkAX+ J0WX9rsA41fwcZJ1gVpJ/yFlLw== =gLxv -----END PGP SIGNATURE----- --so9zsI5B81VjUb/o--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:42 PDT