Re: buffer overrun in fnmatch.c

2015-07-31 Thread Masao Uebayashi
On Fri, Jul 31, 2015 at 11:18:15AM -0700, enh wrote: > automated fuzzing caught this: > > #include > #include > int main() { > char *str = strdup("*[\\$:*[:lower:]"); > fnmatch(str, str, 0x27); > } This is the output of Valgrind as of today: ==7819== Memcheck, a memory error detector ==781

Update afterboot(8) for new PermitRootLogin default

2015-07-31 Thread Michael Reed
Hi all, I noticed that the default for the sshd_config option "PermitRootLogin" changed from "yes" to "no" [1], but afterboot(8) still refers to it as if "yes" is the default. Perhaps the sub-section could be reworded a bit to clarify the new default, but I'll leave that to the developers as I'm

Re: buffer overrun in fnmatch.c

2015-07-31 Thread Todd C. Miller
On Fri, 31 Jul 2015 21:16:51 +0200, Stefan Sperling wrote: > That's much cleaner and I can confirm it fixes the issue. > Can we move the break on the next line? Apart from that, ok with me. Sure. I also verified the fix with valgrind. - todd Index: lib/libc/gen/fnmatch.c =

Re: buffer overrun in fnmatch.c

2015-07-31 Thread Stefan Sperling
On Fri, Jul 31, 2015 at 12:58:47PM -0600, Todd C. Miller wrote: > The problem is that classmatch() can change pattern so we need to > check to see if it was consumed afterwards. > > - todd > > Index: lib/libc/gen/fnmatch.c > === > R

Re: buffer overrun in fnmatch.c

2015-07-31 Thread Stefan Sperling
On Fri, Jul 31, 2015 at 11:18:15AM -0700, enh wrote: > automated fuzzing caught this: > > #include > #include > int main() { > char *str = strdup("*[\\$:*[:lower:]"); > fnmatch(str, str, 0x27); > } > > ==14566==ERROR: AddressSanitizer: heap-buffer-overflow on address > 0x6020f000 at pc

Re: buffer overrun in fnmatch.c

2015-07-31 Thread Todd C. Miller
The problem is that classmatch() can change pattern so we need to check to see if it was consumed afterwards. - todd Index: lib/libc/gen/fnmatch.c === RCS file: /cvs/src/lib/libc/gen/fnmatch.c,v retrieving revision 1.18 diff -u -p -

[PATCH] Proposal to remove -f for arp(8) and ndp(8)

2015-07-31 Thread Dimitris Papastamos
Hi everyone, This is a patch that removes -f for arp(8) and ndp(8). As it stands currently, ndp(8) -f is not hooked in the code so no one is probably using that. arp(8) -f is currently functional but I am not sure how useful. If you are using this option, please reply to this thread. Below you

[DIFF] System accounting records

2015-07-31 Thread Craig Skinner
Hello, The diffs below produce this output: daily(8) email segment (if verbose): System accounting records: COMMANDS TIME I/O CORE USER 6407 22.0270521 0 root 142 0.10 383 0 operator 440 1.070 0 sshd 1398 113.39 267245