On Tue, 11 Mar 2003 11:41:27 -0600
"Jacques A. Vidrine" <nectar@FreeBSD.ORG> wrote:
> On Tue, Mar 11, 2003 at 11:34:40AM -0600, Christopher Schulte wrote:
> > At 09:41 AM 3/6/2003 -0600, Jacques A. Vidrine wrote:
> > >Thanks! However, this has already been fixed in -CURRENT (by import
> > >of FILE 3.41). I do not know whether or not David plans to MFC in
> > >time for 4.8-RELEASE.
> >
> > I think this should be merged into the security branches,
> > due to possible remote exploit by third party programs that
> > use file, such as (at the very least) amavis.
>
> I tend to agree.
>
> David?
>
I am getting ready to do a buildworld today on 4.8-RC and can
test a patch if available. Does the patch provided by:
Guy Poizat <guy@device.dyndns.org>
Appear correct ?
---------------------------------------------------------------
--- src/contrib/file/readelf.c Sun Nov 26 22:37:21 2000
+++ src/contrib/file/readelf.c.patched Thu Mar 6 15:02:44 2003
@@ -141,6 +141,9 @@
Elf32_Shdr sh32;
Elf64_Shdr sh64;
+ if ( size > ( class == ELFCLASS32 ? sizeof(Elf32_Shdr) : sizeof(Elf64_Shdr) ) )
+ return;
+
if (lseek(fd, off, SEEK_SET) == -1)
error("lseek failed (%s).\n", strerror(errno));
----------------------------------------------------------------
Thanks in advance,
Stephen Hilton
nospam@hiltonbsd.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message