|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: procmail / Sendmail - five bugs
Subject: Re: procmail / Sendmail - five bugs
From: Casper Dik (casper
HOLLAND.SUN.COM)
Date: Thu Dec 23 1999 - 08:35:58 CST
- Next message: suid: "Multiple vulnerabilites in glFtpD (current versions)"
- Previous message: Randy Mclean: "Re: Groupewise Web Interface"
- In reply to: Michal Zalewski: "procmail / Sendmail - five bugs"
- Reply: Casper Dik: "Re: procmail / Sendmail - five bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>a) On some glibc 2.0 machines (eg. RedHat), malloc(negative_integer) won't
>result in EINVAL, but with valid pointer, for which malloc_usable_size()
>returns size of 12 bytes. Heap overflows possible? Hmm, at least SEGVs in
>procmail :)
On a pedantic note: it is not possible to call a standard conforming malloc()
with a negative integer; the argument to malloc is unsigned (size_t).
In Solaris, calls to malloc > 2^31-1 can result in memory being returned
of the requested size. Various older releases of Solaris do have problems
at the 2GB barrier, even thgough > 2GB can be available for malloc.
Casper
- Next message: suid: "Multiple vulnerabilites in glFtpD (current versions)"
- Previous message: Randy Mclean: "Re: Groupewise Web Interface"
- In reply to: Michal Zalewski: "procmail / Sendmail - five bugs"
- Reply: Casper Dik: "Re: procmail / Sendmail - five bugs"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Thu Dec 23 1999 - 13:36:31 CST