Subject: Re: NetBSD Security Advisory 2007-004: Insufficient length checking in iso(4)
To: Anne Bennett <email@example.com>
From: Greg Troxel <firstname.lastname@example.org>
Date: 07/28/2007 15:16:31
The release tag won't be moved. You probably want to update to
netbsd-3-1 which is the tag for the stable branch along which 3.1 was
cut. I just follow netbsd-3, which has more pullups, but I've never had
trouble from following a post-release stable branch.
'cvs log' on such a file is helpful. excerpts
RCS file: /cvsroot/src/sys/netiso/clnp_subr.c,v
Working file: clnp_subr.c
As you can see it's mostly 1.17.
date: 2007/03/29 08:53:31; author: ghen; state: Exp; lines: +35 -23
Pull up following revision(s) (requested by adrianp in ticket #1733):
sys/netiso/clnp_subr.c: revision 1.27 via patch
A number of functions do not validate the length of arguments passed.
As a result of this a user could supply a bad 'sockaddr' structure to
clnp_route() via connect(2).
Issue found by Christer Oberg and patch from christos@ (NetBSD-SA2007-004)