Re: grep vs. CVE-2012-5667 (integer type too small)

Subject: Re: grep vs. CVE-2012-5667 (integer type too small)
From: Ignatios Souvatzis <is%netbsd.org@localhost>
Date: Sun, 30 Dec 2012 21:39:56 +0100

Hi,

On Fri, Dec 28, 2012 at 11:29:01AM +0100, Ignatios Souvatzis wrote:

> a) 
> <http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189>
> 
> and two others that also relate to integer overflow fixes from 2.11:
> 
> b) 
> <http://git.savannah.gnu.org/cgit/grep.git/commit/?id=4572ea4649d025e51463d48c2d06a1c66134cdb8>
>  
> (don't call pcre_exec with lines of > 2^31 bytes)
> 
> and 
> 
> c) 
> <http://git.savannah.gnu.org/cgit/grep.git/commit/?id=8fcf61523644df42e1905c81bed26838e0b04f91>

Be aware that those patches are derived from GPLv3 code... not all changes
are a simple integer type change.

        -is

References:
- grep vs. CVE-2012-5667 (integer type too small)
  - From: Ignatios Souvatzis

Prev by Date: Re: Return Value of realloc(3)
Next by Date: proplib and the jet age
Previous by Thread: grep vs. CVE-2012-5667 (integer type too small)
Next by Thread: Add -l/-L (list) options to units(1)
Indexes:

Home | Main Index | Thread Index | Old Index