From: "David A. Cobb"
To: Alois DOT Steindl AT tuwien DOT ac DOT at, Cygwin General MailList
Date: Thu, 21 Jun 2001 08:59:52 -0400
Subject: Re: * Re: 1.1.8: Too large entry in termcap file
Message-Id: <5.1.0.14.0.20010621085251.040efec0@mail>
In-Reply-To: <01062110062500.00883@mch2pc28>
Delivered-To: mailing list cygwin AT sources DOT redhat DOT com

Alois, I hope you don't mind that I've posted this also on the list.

At 6/21/01 04:06 AM (Thursday), you wrote:
>Hello,
>thanks for your reply.
>
>On Wednesday 20 June 2001 22:27, you wrote:
> >
> > [cgf:] To say nothing of security breaches. I've had 3 BugTraq notices in
> > 2 days about buffer overrun exploits in code that we include with Cygwin.
> >
>since English isn't my first language:
>Does this mean that you have encountered buffer overrun problems in code from
>cygwin or in code from users, who use programs (and libraries) from the
>cygwin project to compile/run their code?

In utilities that are included in the Cygwin download. I cannot be certain that the codebase is the same. To be more precise: one reported for rxvt by Debian, one in fetchmail - I now realize there's no "official" cygwin fetchmail, and one in an AIX version of rsh.gethostbyname() - and who knows whether their codebase is the same. So I was slightly hasty. A very common type of vulnerability in any case.

>To me it seems that any potential source of buffer overruns should be
>avoided. It's also quite dangerous to increase the required buffer length,
>since users of free software will almost certainly not be aware of the
>necessity to look at any included sub-project individually.
>In my case I tried to install the fweb package, which I have used frequently
>on mainly unixoid systems on a notebook with cygwin. The installation worked
>successfully, but the program crashed. It took me quite a while until I
>figured out that the problem was a buffer overrun in a termcap routine.
>Although I rather quickly suspected tgetent() to be the problem, I needed
>several hours to find the reason: I compared the description from the manual
>with the code surrounding the call and everything seemed to be fine. Then I
>realized that changing the TERM variable to vt100 avoided the crashes.
>Looking at the termcap file I got the impression that the linux entry, which
>is pointed to by the cygwin entry, is very large and then realized, that it
>is larger than the 1024 bytes.
>Even if the man pages would have been correct, it would have taken some time
>to find the reason for the crashes.
>
>Alois

David A. Cobb, Software Engineer, Public Access Advocate, All around nice guy.
Get my PGP key at : Fingerprint=0x{6E3E_DB8C_2E8C_4248_62B2_FE29_08EE_CF0A_3629_E954}
"By God's Grace I am a Christian man, by my actions a great sinner."
--The Way of a Pilgrim, R. M. French [tr.]
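
The failure described in the quoted report (a termcap entry, reached through a `tc=` reference, that is larger than the 1024-byte buffer handed to tgetent()) can be checked for ahead of time. The following is an added example, not part of the original message and not Cygwin or termcap library code. The function names, the sample data and the byte estimate (name list, capabilities and a terminating NUL) are assumptions made for illustration; a real library may count a few bytes differently.

```python
import re

TGETENT_BUF = 1024  # buffer size the message says the termcap manual documents

# Constructed sample, not a real termcap database: "cygwin" points at a large
# "linux" entry through tc=, mirroring the layout described in the message.
SAMPLE = (
    "vt100|small entry:\\\n\t:am:co#80:li#24:\n"
    "linux|big entry:\\\n"
    + "".join(f"\t:k{i:03d}=\\E[{i}~:\\\n" for i in range(120))
    + "\t:am:\n"
    "cygwin|alias entry:\\\n\t:tc=linux:\n"
)

def parse_termcap(text):
    """Map every entry name and alias to (name list, capability string)."""
    joined = re.sub(r"\\\n[ \t]*", "", text)  # fold backslash-continued lines
    entries = {}
    for line in joined.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        names, _, caps = line.partition(":")
        for alias in names.split("|"):
            entries[alias] = (names, caps)
    return entries

def resolved_caps(entries, name, seen=()):
    """Return the capabilities of `name` with a trailing tc=OTHER expanded."""
    if name in seen:
        raise ValueError(f"tc= loop through {name!r}")
    caps = entries[name][1]
    ref = re.search(r"(?:^|:)tc=([^:]+):?$", caps)
    if ref:
        caps = caps[:ref.start()] + ":" + resolved_caps(entries, ref.group(1), seen + (name,))
    return caps

def oversized(text, limit=TGETENT_BUF):
    """Return {primary name: approximate bytes needed} for entries over `limit`."""
    entries = parse_termcap(text)
    report = {}
    for alias, (names, _) in entries.items():
        # name list + ':' + expanded capabilities + terminating NUL
        need = len(names) + 1 + len(resolved_caps(entries, alias).encode()) + 1
        if need > limit:
            report[names.split("|")[0]] = need
    return report

if __name__ == "__main__":
    for name, need in oversized(SAMPLE).items():
        print(f"{name}: needs ~{need} bytes, tgetent() buffer is {TGETENT_BUF}")
```

On the constructed sample, the small `vt100` entry passes while both `linux` and the `cygwin` alias that references it are reported, which matches the observation that switching TERM to vt100 avoided the crash.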