Bug 2580

Summary: security hole in glob.c
Product: Base System
Reporter: Julian Assange <proff>
Component: bin
Assignee: Warner Losh <imp>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments: file.diff (flags: none)

Description Julian Assange 1997-01-25 15:10:00 UTC
	the libc routine glob() calls globtilde() to expand ~.
	globtilde() will copy $HOME to the pattern buf without
	any bounds checking(!)
Comment 1 mpp freebsd_committer freebsd_triage 1997-01-26 07:09:58 UTC
Responsible Changed
From-To: gnats-admin->freebsd-bugs

Misfiled PR. 
Comment 2 Bill Fenner freebsd_committer freebsd_triage 1997-01-27 18:31:52 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-bugs

It didn't. 
Comment 3 Warner Losh freebsd_committer freebsd_triage 1997-02-09 06:40:19 UTC
Responsible Changed
From-To: freebsd-bugs->imp

It's on my list now. 
Comment 4 Warner Losh freebsd_committer freebsd_triage 1997-03-23 23:32:00 UTC
State Changed
From-To: open->closed


Fixed in 1.7 of glob.c by a similar, but different, patch.
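
The unbounded copy described in the report, next to a bounded tilde expansion, as an added example; it is not FreeBSD's glob.c and not the patch referenced in this PR. `copy_home_unbounded`, `expand_tilde` and the buffer sizes are hypothetical names and values, and this simplified model handles only a leading `~` or `~/`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unbounded form of the copy the report describes (for contrast, never
 * called here): it stops only at the NUL in home, not at the end of buf. */
void copy_home_unbounded(char *buf, const char *home)
{
    while ((*buf++ = *home++) != '\0')
        continue;
}

/* Bounded tilde expansion (hypothetical helper, not globtilde() itself).
 * Expands a leading "~" or "~/" in pattern using home (must be non-NULL),
 * writing at most outlen bytes including the NUL. Returns 0 on success,
 * -1 if the result does not fit; on failure out is an empty string. */
int expand_tilde(const char *pattern, const char *home,
                 char *out, size_t outlen)
{
    size_t hlen = 0, plen;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    if (pattern[0] == '~' && (pattern[1] == '/' || pattern[1] == '\0')) {
        hlen = strlen(home);
        pattern++;                          /* skip the '~' */
    }
    plen = strlen(pattern);
    /* Check the total before writing; subtraction avoids size_t wraparound. */
    if (hlen >= outlen || plen >= outlen - hlen)
        return -1;
    memcpy(out, home, hlen);
    memcpy(out + hlen, pattern, plen + 1);  /* plen + 1 copies the NUL */
    return 0;
}

int main(void)
{
    char buf[64];
    const char *home = getenv("HOME");      /* length set by the environment */

    if (expand_tilde("~/*.c", home ? home : "", buf, sizeof buf) != 0) {
        fprintf(stderr, "tilde expansion does not fit the pattern buffer\n");
        return 1;
    }
    puts(buf);
    return 0;
}
```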