Summary: | [PATCH]Some utilies might lead to overflow | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Base System | Reporter: | David CARLIER <david.carlier> | ||||||
Component: | bin | Assignee: | freebsd-bugs (Nobody) <bugs> | ||||||
Status: | Closed Overcome By Events | ||||||||
Severity: | Affects Many People | CC: | emaste, pstef | ||||||
Priority: | Normal | Keywords: | patch | ||||||
Version: | CURRENT | ||||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
Attachments: |
|
Description
David CARLIER
2014-08-24 18:50:31 UTC
Created attachment 146223 [details]
Diff proposal
Created attachment 146248 [details]
Sysctl patch
if I do sysctl kern.maxfiles=293879823734892347923849 => kern.maxfiles = -1 ... an overflow case ... I propose a small patch for it.
Patched version are available in HardenedBSD userlandenhanced branch if anyone interested https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/userlandenhanced or the unstable one with all others HardenedBSD features https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/unstable A commit references this bug: Author: bapt Date: Mon Jul 13 05:56:28 UTC 2015 New revision: 285437 URL: https://svnweb.freebsd.org/changeset/base/285437 Log: Prevent potential integer overflow PR: 192971 Submitted by: David Carlier <david.carlier@hardenedbsd.org> Changes: head/bin/ls/ls.c A commit references this bug: Author: bapt Date: Mon Jul 13 05:59:42 UTC 2015 New revision: 285438 URL: https://svnweb.freebsd.org/changeset/base/285438 Log: Prevent potential integer overflow PR: 192971 Submitted by: David Carlier <david.carlier@hardenedbsd.org> Changes: head/bin/stty/stty.c Sorry for delay. I have committed 2 of them: ls and sttys. Concerning vi it will have to be upstreamed first: https://github.com/lichray/nvi2 Concerning the systcl one it does not apply at all on vanilla's freebsd sysctl.c. There was probably a previous patch on hardennedbsd that has not been provided along with yours For bugs matching the following conditions: - Status == In Progress - Assignee == "bugs@FreeBSD.org" - Last Modified Year <= 2017 Do - Set Status to "Open" I think we can close this. nvi now uses atoz_or() which uses strtol() and sysctl still uses strto*() which clamp values originally out of range. |