Searched hist:211155 (Results 1 - 2 of 2) sorted by relevance
/freebsd-10.0-release/tools/regression/bin/sh/expansion/ | ||
H A D | pathname3.0 | 211155 Tue Aug 10 20:50:20 MDT 2010 jilles sh: Fix heap-based buffer overflow in pathname generation. The buffer for generated pathnames could be too small in some cases. It happened to be always at least PATH_MAX long, so there was never an overflow if the resulting pathnames would be usable. This bug may be abused if a script subjects input from an untrusted source to pathname generation, which a bad idea anyhow. Most shell scripts do not work on untrusted data. secteam@ says no advisory is necessary. PR: bin/148733 Reported by: Changming Sun snnn119 at gmail com MFC after: 10 days |
/freebsd-10.0-release/bin/sh/ | ||
H A D | expand.c | diff 211155 Tue Aug 10 20:50:20 MDT 2010 jilles sh: Fix heap-based buffer overflow in pathname generation. The buffer for generated pathnames could be too small in some cases. It happened to be always at least PATH_MAX long, so there was never an overflow if the resulting pathnames would be usable. This bug may be abused if a script subjects input from an untrusted source to pathname generation, which a bad idea anyhow. Most shell scripts do not work on untrusted data. secteam@ says no advisory is necessary. PR: bin/148733 Reported by: Changming Sun snnn119 at gmail com MFC after: 10 days |
Completed in 114 milliseconds