Subject: Re: daily insecurity
To: None <current-users@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: current-users
Date: 12/09/2006 21:43:15
In article <20061209072806.GA21934@babymeat.com>,
Tom Spindler  <dogcow@babymeat.com> wrote:
>This appears to be due to column(1) going insane when trying to
>parse the output in /etc/security; running the offending command under
>gdb gives me the following:
>248                             (void)printf("%s%*s", t->list[coloff],
>249                                 lens[coloff] - t->len[coloff] + 2, " ");
>
>(gdb) print lens[coloff]
>$5 = 757953069
>
>"oops."
>
>This appears to have been caused by the -r1.15 revision of column.c,
>which changed to the libutil versions of emalloc/erealloc/estrdup.
>Trying to figure out how to fix it now.

Yes, the problem is that the previous version of emalloc zeroed out the
buffer.

christos