similar to: wrong strlcat limit value in realpath.c

Just another udev segfault. strlcpy() writes behind the specified maximum size. strlcat() causes the same probelem and truncates the destination string to the maximum size which isn't the job for a concatenation function. Thanks, Kay diff -Nru a/klibc/klibc/strlcat.c b/klibc/klibc/strlcat.c --- a/klibc/klibc/strlcat.c 2005-03-27 04:40:42 +02:00 +++ b/klibc/klibc/strlcat.c 2005-03-27

I was planning to use this function to harden the code in v2v/input_ova.ml against malicious OVA files. However I didn't complete that work. Hate to see a good commit go to waste ... Rich.

Hi, I starting a new project, and have run into behavior I cannot replicate in irb, (i.e. outside of using rspec) when the directory? returns true, so I thought I''d ask here, in case any one has seen this badhavior. ruby-1.9.2-p136 rspec (2.5.0) rspec-core (2.5.1) rspec-expectations (2.5.0) rspec-mocks (2.5.0) When I try to run this spec: require Pathname(__FILE__).ascend { |d|

Hi, Martijn sent the following patch to me in private and agreed that i post it here. In any other program in OpenBSD base, i'd probably agree with the basic approach. Regarding OpenSSH, however, i worry whether wcwidth(3) can be used. While wcwidth(3) is POSIX, it is not ISO C. Does OpenSSH target platforms that don't provide wcwidth(3)? If so, do you think the problem can be solved

On the advisory about the realpath problem it says that it was corrected: RELENG_4_8 src/UPDATING 1.73.2.80.2.3 src/lib/libc/stdlib/realpath.c 1.9.14.1 src/sys/conf/newvers.sh 1.44.2.29.2.2 I ran cvsup and when I look at my src/lib/libc/stdlib/realpath.c I see

This is needed as the basis for the readlink -f option. Signed-off-by: Ben Hutchings <ben at decadent.org.uk> --- --- a/usr/include/stdlib.h +++ b/usr/include/stdlib.h @@ -92,4 +92,6 @@ static __inline__ int grantpt(int __fd) return 0; /* devpts does this all for us! */ } +__extern char *realpath(const char *, char *); + #endif /* _STDLIB_H */ --- a/usr/klibc/Kbuild +++

https://bugzilla.mindrot.org/show_bug.cgi?id=2428 Bug ID: 2428 Summary: realpath command doesn't work Product: Portable OpenSSH Version: 6.9p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: Build system Assignee: unassigned-bugs at

http://bugzilla.mindrot.org/show_bug.cgi?id=978 Summary: The supplied realpath function mangles pathnames. Product: Portable OpenSSH Version: 3.9p1 Platform: Other OS/Version: other Status: NEW Severity: minor Priority: P3 Component: Miscellaneous AssignedTo: openssh-bugs at mindrot.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:08.realpath Security Advisory The FreeBSD Project Topic: Single byte buffer overflow in realpath(3) Category: core Module: libc Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:08.realpath Security Advisory The FreeBSD Project Topic: Single byte buffer overflow in realpath(3) Category: core Module: libc Announced:

Hi, the following patch has been suggested by Mark Bradshaw <bradshaw at staff.crosswalk.com>. The simple concatenation of filenames in sftp client and server results in creating filenames beginning with double slashes when the cwd is the root directory: cwd: "/bar/baz" file: "foo" cwd + "/" + file = "/bar/baz/foo" cwd: "/" file:

Just saw this from eWeek. "IBM, which paid roughly $500,000 for the testing, and SuSE (pronounced "SOOS-ah") were announcing the certification jointly. " The article is here: http://www.eweek.com/article2/0,3959,1212529,00.asp --- Darren Reed <avalon@caligula.anu.edu.au> wrote: > In some mail from twig les, sie said: > > > > I actually just asked

Hi, I've seen that this commit never got MFC'd: http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdlib/realpath.c?rev=1.14&content-type=text/x-cvsweb-markup Would it be possible to do that or are there any objections out there ? Martin Martin Blapp, <mb@imp.ch> <mbr@FreeBSD.org> ------------------------------------------------------------------ ImproWare AG, UNIXSP

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:08.realpath Security Advisory The FreeBSD Project Topic: Single byte buffer overflow in realpath(3) Category: core Module: libc Announced:

Hi all, I got one problem with comparing strings like if any string is like "*RIGHT, EPICARDIUM: FOCUS, GRAY-WHITE, SINGLE, APPROX 0.6 CM IN DIAMETER*." and i have to compare "*GRAY-WHITE*" with the above string or otherwise i have to compare " *TUMOR BENIGN*" this string with "*MEDULLRY TUMOR BENIGN,TYP PHEOCHROMOCYTOMA*" i

Sorry if I'm duplicating an existing patch, but... On systems with no seteuid() that have setreuid() there is an emulation, but if both are lacking (but we do have setresuid()), nothing is done. The following seems to be right, but I've only got one machine (running an ancient version of HP-UX) which needs this so it may not be general: --cut-here-- --- config.h.in.orig Thu Jun 7

Hello there. I tried make update using the following stable-supfile: *default base=/usr *default prefix=/usr *default release=cvs tag=RELENG_4 *default delete use-rel-suffix and my two nearest Russian CVS mirrors showed no changes in realpath. Heck, I downloaded the patch and said in /usr/src: # patch < realpath.patch so it was rejected. Then I looked into realpath.c's revision and

It looks like something got broken in openbsd-compat/bsd-snprintf.c ... gcc -g -O2 -Wall -Dftruncate=chsize -I/usr/local/include -I/usr/local/ssl/includ e -I. -I.. -I../src/openbsd-compat -I../src/openbsd-compat/.. -DHAVE_CONFIG_H -c ../src/openbsd-compat/bsd-snprintf.c In file included from ../src/openbsd-compat/bsd-snprintf.c:72:

On Mon, Mar 19, 2012 at 4:30 PM, Chris Lattner <clattner at apple.com> wrote: > > On Mar 19, 2012, at 2:52 PM, Kostya Serebryany wrote: > > Hello, > > While instrumenting LLVM IR in ThreadSanitizer (race detector), I need > to distinguish between a store to vtable pointer (vptr) and any other > regular store. > This special treatment should be limited to class

I have a problem compiling openssh 2.3.0p1 The configure script runs fine then if you see below; when I compile it dies: Manual pages: /usr/local/man/manX PID file: /usr/local/etc Random number collection: Builtin (timeout 200) Manpage format: man PAM support: yes KerberosIV support: no