  2. 5

    The vulnerable code was introduced a minimum of 26 years ago.

    1. 5

      Earlier today I whined on IRC about these vulnerability databases that don’t even bother with linking the patch.

      Well, now that the changes are in all three tagged BSDs, I decided to take a look at it anyway (frustrating, I really have to dig for patches? this is how code gets reviewed?). It looks like they all got it wrong. Free & Open accidentally increment a remaining space counter and NetBSD happily stores a NUL byte after the buffer if it’s full.

      1. 3

        This is the kind of a function that should immediately look suspicious. If anyone ever looked. obuf has a magic size, and there is no bounds checking. How do you know the size is right? You need to dig elsewhere to find out if it is.

        Thankfully it’s a low severity vulnerability in practice.

        1. 2

          @tedu has an interesting blog on it here

        2. 1

          Note: I’m not sure if OpenBSD and NetBSD are vulnerable.

          1. 3

            Confirmed: OpenBSD and NetBSD are both vulnerable.
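
The two mistakes described in the thread above (a remaining-space counter that gets incremented, and a NUL stored after a full buffer) are marked in this added example, which is not part of the thread and not taken from any BSD source tree. `struct outbuf`, `ob_putc`, `ob_finish`, `demo_fill` and the 8-byte capacity are hypothetical names and values chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CAP    8      /* constructed buffer size, not the real obuf size */
#define CANARY 0x5a   /* guard byte placed right after the buffer */

/* Hypothetical bounded output buffer (illustrative names only). */
struct outbuf {
    char  *p;     /* next write position */
    size_t left;  /* bytes still free, including the slot for the NUL */
};

/* Append one byte; returns 0 on success, -1 once only the NUL slot is left. */
static int ob_putc(struct outbuf *ob, char c)
{
    if (ob->left <= 1)   /* always reserve one byte for the terminator */
        return -1;
    *ob->p++ = c;
    ob->left--;          /* mistake 1: incrementing here means the check never fires */
    return 0;
}

/* Terminate the string; refuses instead of writing past a full buffer. */
static int ob_finish(struct outbuf *ob)
{
    if (ob->left == 0)   /* mistake 2: an unconditional store lands after the buffer */
        return -1;
    *ob->p = '\0';
    return 0;
}

/* Copy src into a CAP-byte buffer followed by a canary byte.
 * Returns the number of payload bytes stored, or -1 if termination
 * failed or the canary was overwritten. out_copy must hold CAP bytes. */
int demo_fill(const char *src, char *out_copy)
{
    char mem[CAP + 1];
    struct outbuf ob = { mem, CAP };
    int n = 0;

    memset(mem, 0, CAP);
    mem[CAP] = CANARY;
    while (*src != '\0' && ob_putc(&ob, *src) == 0) {
        src++;
        n++;
    }
    if (ob_finish(&ob) != 0 || mem[CAP] != CANARY)
        return -1;
    memcpy(out_copy, mem, CAP);
    return n;
}

int main(void)
{
    char out[CAP];
    printf("%d %s\n", demo_fill("0123456789", out), out);
    return 0;
}
```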