| To: | Martin Hicks <mort@xxxxxxxx> |
|---|---|
| Subject: | Re: [pcp] PCP bugs from SGI |
| From: | Greg Banks <gnb@xxxxxxxx> |
| Date: | Mon, 15 Mar 2010 20:42:26 +1100 |
| Cc: | Nathan Scott <nathans@xxxxxxxxxx>, kenj@xxxxxxxxxxxxxxxx, pcp@xxxxxxxxxxx |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type:content-transfer-encoding; bh=L3EnHQNeXtHBIXIxYJvIL3bAyQVU+c1/viWIjk/VFtI=; b=rGWnWX3jJS0IqBMMqcXEJJkINCFXEUh781VRjlzlzaJngxoY15P5mixDfqmT/rQ/in 3CZ+LR9KAaGNCZZYECx6nuu0xh4C3A82Dqu8C58X0i1QQyw2dQXwpAWP7e0ODGrfwq4J GkRXo72dqM3wwYY6AvDSKAmuOC+focup3HS1w= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=Bde3jQHD0tdESB9EgfoSoZuVUMqcwm/mFzJEbYL9STMINMtlXEPbDByh+Jix2BkGZt R16K/2noYiabvMnZt94GUQZUVKg51YEM5IRvDmS+t/yi68ZgXdy07xKQn9v/v8rougqF f1UR+K5hoaXtKTlCyAcnIRDDKRhGVHsceBDUY= |
| In-reply-to: | <20100313161134.GA3247@xxxxxxxxxxxxxxxxx> |
| References: | <1268429609.2642.690.camel@xxxxxxxxxxxxxxxx> <1762449926.1194231268441576454.JavaMail.root@xxxxxxxxxxxxxxxxxx> <20100313161134.GA3247@xxxxxxxxxxxxxxxxx> |
| Sender: | greg.n.banks@xxxxxxxxx |
On Sun, Mar 14, 2010 at 3:11 AM, Martin Hicks <mort@xxxxxxxx> wrote: > > On Sat, Mar 13, 2010 at 11:52:56AM +1100, Nathan Scott wrote: >> >> ----- "Ken McDonell" <kenj@xxxxxxxxxxxxxxxx> wrote: >> >> > OK, this was sloppy coding on my part, but it has probability of >> > occurrence that close to, or less than, the chance that I'll live to >> > 100 >> > years old. >> > >> > Because I'm retired and have nothing better to do (sigh), the >> > attached >> > patch addresses the issue ... if someone else would care to review it >> > and it looks acceptable, I'll gladly commit it into my oss tree. >> >> Looking good. Patch looks good to me too. >> >> The memory allocation based on the ntohl(pduProfile->numprof), or >> instprof->profile_len, value looks like it could still use some >> kind of ceiling sanity test? (as per Gregs bug) > > Yeah, it was that comment that struck me as the more important point. > Letting an arbitrary network-connected client allocate arbitrary amounts > of memory as root on the pmcd machine seems pretty terrible. What they said. While memory is plentiful today, so are malicious people. -- Greg. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [pcp] PCP bugs from SGI, Martin Hicks |
|---|---|
| Next by Date: | Re: [pcp] PCP bugs from SGI, Martin Hicks |
| Previous by Thread: | Re: [pcp] PCP bugs from SGI, Martin Hicks |
| Next by Thread: | Re: [pcp] PCP bugs from SGI, Ken McDonell |
| Indexes: | [Date] [Thread] [Top] [All Lists] |