[2959] in bugtraq
Re: [linux-security] Re: identd hole?
daemon@ATHENA.MIT.EDU (lilo)
Thu Jul 18 12:36:11 1996
Date: Thu, 18 Jul 1996 06:51:49 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: lilo <TaRDiS@Mail.UTexas.EDU>
X-To: "Dave G." <daveg@escape.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199607161415.KAA09951@escape.com>
On Tue, 16 Jul 1996, Dave G. wrote:
> As far as I know, there is no buffer overflow in atoi() under linux.
> This rumor was started when there was a problem in some IRC clients. At
> the time I took a look at atoi() and strtol(). Not only were there no
> buffer overflows, there were no buffers at all :).
Well, the problem has not been sufficiently debugged. The fact that it only
occurred in pre-5.3.9 ELF libc, and that it was universally resolved by
upgrading the libc to 5.3.12 (really we did spend a fair amount of time
verifying that behavior) seemed indicative of a library problem, and the
atoi() diagnosis was volunteered by someone with more time on their hands,
and possibly less skill.... :)
lilo
