3.3 Vulnerability Remediation

Note

Thursday, June 12, 2008

After I informed Sun about the bug, it developed the following patch to address the vulnerability:^[35]

[..]
19165    if (*cp == IPIF_SEPARATOR_CHAR) {
19166        /*
19167         * Reject any non-decimal aliases for logical
19168         * interfaces. Aliases with leading zeroes
19169         * are also rejected as they introduce ambiguity
19170         * in the naming of the interfaces.
19171         * In order to confirm with existing semantics,
19172         * and to not break any programs/script relying
19173         * on that behaviour, if<0>:0 is considered to be
19174         * a valid interface.
19175         *
19176         * If alias has two or more digits and the first
19177         * is zero, fail.
19178         */
19179        if (&cp[2] < endp && cp[1] == '0') {
19180 if (error != NULL) ...

Get A Bug Hunter's Diary now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

A Bug Hunter's Diary by

3.3 Vulnerability Remediation

Note

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly