Date: Tue, 10 Feb 2004 19:00:24 +0100
From: Giuseppe <giusc@...s.it>
To: bugtraq@...urityfocus.com
Subject: Re: Eggrop bug



>Thankfully resync sharing is considered broken and most people do not
>use it. Indeed though, this is a bug and thank you for finding it.

that's not exactly true; yes, many people don't use resync, but..

char *share_start(Function *global_funcs)
{
....................
   add_hook(HOOK_SHAREIN, (Function) sharein_mod);
   add_hook(HOOK_MINUTELY, (Function) check_expired_tbufs);
            ^^^^^^^^^^^^^
   add_hook(HOOK_READ_USERFILE, (Function) hook_read_userfile);
....................
}

the function, however, is called minutely, so the bug exists also if resync 
is disabled.
As has already been said in the previous mail, check_expired_tbufs() first 
checks for timed out resync buffers, then, "accomplish to handle userfile 
requests in limbo (that haven't received yet any response from tandem bot)".

>Where did you notify eggheads? I seem to be blind while looking for it.

We've notified you at bugs@...heads.org; in a private e-mail I've sent 
you the response we received.


With respect,
giuseppe




