3.3 Vulnerability Remediation
Note
Thursday, June 12, 2008
After I informed Sun about the bug, it developed the following patch to address the vulnerability:[35]
[..]
19165 if (*cp == IPIF_SEPARATOR_CHAR) {
19166 /*
19167 * Reject any non-decimal aliases for logical
19168 * interfaces. Aliases with leading zeroes
19169 * are also rejected as they introduce ambiguity
19170 * in the naming of the interfaces.
19171 * In order to confirm with existing semantics,
19172 * and to not break any programs/script relying
19173 * on that behaviour, if<0>:0 is considered to be
19174 * a valid interface.
19175 *
19176 * If alias has two or more digits and the first
19177 * is zero, fail.
19178 */
19179 if (&cp[2] < endp && cp[1] == '0') {
19180 if (error != NULL) ...
Get A Bug Hunter's Diary now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.