Hi Roger, On 14/04 12:13, Roger Lynn wrote: > On 14/04/2015 07:48, Emanuele Rocca wrote: > > +--- ppp-2.4.6.orig/pppd/plugins/radius/util.c > > ++++ ppp-2.4.6/pppd/plugins/radius/util.c > > +@@ -77,7 +77,7 @@ rc_mksid (void) > > + static unsigned short int cnt = 0; > > + sprintf (buf, "%08lX%04X%02hX", > > + (unsigned long int) time (NULL), > > +- (unsigned int) getpid (), > > ++ (unsigned int) getpid () % 65535, > > Shouldn't this be 65536? If you're trying to limit to 0xFFFF then 65535 too > small. "getpid () & 0xFFFF" might be clearer than using the modulus operator > and should have exactly the same effect.
Good catch! You are right, the patch limits to 0xFFFE instead of 0xFFFF. However it does fix the vulnerability, so I don't think a new upload is required. Cheers, ema -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
