[Midnightbsd-cvs] src: glob.c: A recent security vulnerability was reported in glob

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Fri Oct 8 12:33:29 EDT 2010


Log Message:
-----------
A recent security vulnerability was reported in glob memory limit handling.  It allows for remote DoS attacks on ftp and sftp servers among other things.

Add new limits based on a patch from DragonFly and NetBSD. 

Note there are still issues here:

1. No man page changes yet.
2. sftp has not been fully patched yet.

Modified Files:
--------------
    src/lib/libc/gen:
        glob.c (r1.2 -> r1.3)
        (http://cvsweb.midnightbsd.org/src/lib/libc/gen/glob.c?r1=1.2&r2=1.3)

