[925] in linux-security and linux-alert archive
Re: [linux-security] Re: identd hole?
daemon@ATHENA.MIT.EDU (lilo)
Thu Jul 18 13:44:40 1996
From: lilo <TaRDiS@mail.utexas.edu>
Date: Thu, 18 Jul 1996 06:51:49 -0500 (CDT)
To: "Dave G." <daveg@escape.com>
cc: bugtraq@netspace.org, linux-security@tarsier.cv.nrao.edu, blh@nol.net
In-Reply-To: <199607161415.KAA09951@escape.com>
On Tue, 16 Jul 1996, Dave G. wrote:
> As far as I know, there is no buffer overflow in atoi() under linux.
> This rumor was started when there was a problem in some IRC clients. At
> the time I took a look at atoi() and strtol(). Not only were there no
> buffer overflows, there were no buffers at all :).
Well, the problem has not been sufficiently debugged. The fact that it only
occurred in pre-5.3.9 ELF libc, and that it was universally resolved by
upgrading the libc to 5.3.12 (really we did spend a fair amount of time
verifying that behavior) seemed indicative of a library problem, and the
atoi() diagnosis was volunteered by someone with more time on their hands,
and possibly less skill.... :)
lilo