Re: Patch for DoS attack in ipc/msg.c

Manfred (manfreds@colorfullife.com)
Tue, 2 Nov 1999 06:03:49 -0500 (EST)


Scott wrote:
> (note that struct msgbuf includes one byte for
> the message text, so this should be safe)
This is the user-space visible msgbuf structure; the
actual structure is "msg_msg", defined at the beginning
of ipc/msg.c. This structure does not contain that byte.

Could you wait until Friday? I'd like to check the POSIX
standard: a zero-sized message contains a msgtype, and perhaps
someone sends zero-sized messages with a special msgtype
to recover from an overflown msgqueue?

Thanks for your bug report,
Manfred
