This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: * Re: 1.1.8: Too large entry in termcap file


Alois, I hope you don't mind that I've posted this also on the list.

At 6/21/01 04:06 AM (Thursday), you wrote:
>Hello,
>thanks for your reply.
>
>On Wednesday 20 June 2001 22:27, you wrote:
> >
> > [cgf:] To say nothing of security breaches.  I've had 3 BugTraq notices in
> > 2 days about buffer overrun exploits in code that we include with Cygwin.
> >
>since English isn't my first language:
>Does this mean that you have encountered buffer overrun problems in code from
>cygwin or in code from users who use programs (and libraries) from the
>cygwin project to compile/run their code?

In utilities that are included in the Cygwin download.  I cannot be certain 
that the codebase is the same.
To be more precise: one reported for rxvt by Debian, one in fetchmail - I 
now realize there's no "official" cygwin fetchmail, and one in an AIX 
version of rsh.gethostbyname() - and who knows whether their codebase is 
the same.  So I was slightly hasty.  A very common type of vulnerability in 
any case.

>To me it seems that any potential source of buffer overruns should be
>avoided. It's also quite dangerous to increase the required buffer length,
>since users of free software will almost certainly not be aware of the
>necessity to look at any included sub-project individually.
>In my case I tried to install the fweb package, which I have used frequently
>on mainly unixoid systems on a notebook with cygwin. The installation worked
>successfully, but the program crashed. It took me quite a while until I
>figured out that the problem was a buffer overrun in a termcap routine.
>Although I rather quickly suspected tgetent() to be the problem, I needed
>several hours to find the reason: I compared the description from the manual
>with the code surrounding the call and everything seemed to be fine. Then I
>realized that changing the TERM variable to vt100 avoided the crashes.
>Looking at the termcap file I got the impression that the linux entry, which
>is pointed to by the cygwin entry, is very large and then realized that it
>is larger than the 1024 bytes.
>Even if the man pages had been correct, it would have taken some time
>to find the reason for the crashes.
>
>Alois

David A. Cobb, Software Engineer, Public Access Advocate, All around nice guy.
Get my PGP key at
:<http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=superbiskit>
Fingerprint=0x{6E3E_DB8C_2E8C_4248_62B2_FE29_08EE_CF0A_3629_E954}
"By God's Grace I am a Christian man, by my actions a great sinner."
--The Way of a Pilgrim, R. M. French [tr.]
<---.----!----.----!----.----!----.----!----.----!----.----!----.---->
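
A size check for the failure described in the quoted message, as an added example (not part of the original post and not code from Cygwin or any termcap library): it computes how many bytes a termcap entry needs once `tc=` references are followed and compares that with the 1024-byte buffer handed to tgetent(). The database text, the entry contents and the helper names `find_entry`, `expanded_len` and `sample_db` are constructed for illustration, and the expansion model is a simplification.

```c
#include <stdio.h>
#include <string.h>
#define TBUF 1024 /* buffer size callers hand to tgetent(), per the thread */

/* Find the entry whose '|'-separated names include `name` (one entry per line). */
static const char *find_entry(const char *db, const char *name, size_t *len) {
    size_t n = strlen(name);
    for (const char *p = db; *p; ) {
        size_t l = strcspn(p, "\n"), names = strcspn(p, ":\n");
        for (size_t i = 0, a = 0; *p != '#' && i < names; i += a + 1) {
            a = strcspn(p + i, "|:\n");
            if (a == n && memcmp(p + i, name, n) == 0) { *len = l; return p; }
        }
        p += l + (p[l] == '\n');
    }
    return NULL;
}

/* Bytes needed once tc= is followed (simplified model: text before tc= plus
 * the referenced entry); -1 for a missing entry or a reference loop. */
long expanded_len(const char *db, const char *name, int depth) {
    size_t len, r;
    char ref[64];
    const char *e = find_entry(db, name, &len);
    if (!e || depth > 16) return -1;
    for (size_t i = 0; i + 4 <= len; i++) {
        if (memcmp(e + i, ":tc=", 4) != 0) continue;
        r = strcspn(e + i + 4, ":\n");
        if (r >= sizeof ref) return -1;
        memcpy(ref, e + i + 4, r); ref[r] = '\0';
        long sub = expanded_len(db, ref, depth + 1);
        return sub < 0 ? -1 : (long)i + 1 + sub;
    }
    return (long)len;
}

/* Constructed sample: small vt100, oversized linux, cygwin -> linux. */
const char *sample_db(void) {
    static char db[2048];
    size_t n = (size_t)snprintf(db, sizeof db, "vt100|small:co#80:li#24:\nlinux|large:");
    for (int i = 0; i < 100; i++)
        n += (size_t)snprintf(db + n, sizeof db - n, "k%02d=\\E[%02dA:", i, i);
    snprintf(db + n, sizeof db - n, "\ncygwin|alias:tc=linux:\n");
    return db;
}

int main(void) {
    const char *t[] = { "vt100", "linux", "cygwin" };
    for (int i = 0; i < 3; i++) printf("%-6s %ld\n", t[i], expanded_len(sample_db(), t[i], 0));
    return 0;
}
```

An entry fits only when its expanded length plus the terminating NUL is at most `TBUF`; in the constructed sample only vt100 does.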

