Slashdot Mirror


33-Year-Old Unix Bug Fixed In OpenBSD

Ste sends along the cheery little story of Otto Moerbeek, one of the OpenBSD developers, who recently found and fixed a 33-year-old buffer overflow bug in Yacc. "But if the stack is at maximum size, this will overflow if an entry on the stack is larger than the 16 bytes leeway my malloc allows. In the case of C++ it is 24 bytes, so a SEGV occurred. Funny thing is that I traced this back to Sixth Edition UNIX, released in 1975."
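An added illustration of the mechanism Moerbeek describes (example code, not yacc's or OpenBSD's): a push that checks its limit only after writing overruns a full stack by one entry, which a malloc that leaves 16 bytes of leeway hides for 16-byte entries but not for 24-byte ones; the constants, names and entry sizes below are assumptions, and the second half shows the check done before the write.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parser-stack entry sizes standing in for the 16-byte (C) and
 * 24-byte (C++) entries mentioned in the summary; not yacc's real layout. */
#define ENTRY_C   16
#define ENTRY_CXX 24
#define LEEWAY    16   /* slack the old malloc happened to leave past a request */

/* Bytes that a push checked only *after* its write lands beyond the memory
 * the allocator actually handed out, given a stack that already holds `top`
 * of `cap` entries. 0: the write stayed inside the leeway (latent, silent);
 * >0: it clobbered the neighbouring chunk (SEGV once malloc stops padding). */
size_t late_check_overrun(size_t cap, size_t top, size_t entry_size, size_t leeway)
{
    if (top < cap)                  /* a free slot exists: the write is in bounds */
        return 0;
    size_t past_end = (top - cap + 1) * entry_size;
    return past_end > leeway ? past_end - leeway : 0;
}

/* Fixed-size stack whose push does the limit check *before* the write. */
struct stack {
    unsigned char *base;
    size_t cap, top, entry_size;
};

int stack_init(struct stack *s, size_t cap, size_t entry_size)
{
    s->base = malloc(cap * entry_size);   /* exactly cap slots, no slack assumed */
    if (s->base == NULL)
        return -1;
    s->cap = cap; s->top = 0; s->entry_size = entry_size;
    return 0;
}

/* 0 on success, -1 when full; never touches bytes at or past base + cap*entry_size. */
int stack_push(struct stack *s, const void *entry)
{
    if (s->top >= s->cap)           /* reject first, then write */
        return -1;
    memcpy(s->base + s->top * s->entry_size, entry, s->entry_size);
    s->top++;
    return 0;
}

void stack_free(struct stack *s) { free(s->base); s->base = NULL; }
```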

5 of 162 comments

  1. Re:bad omen by Anonymous Coward · · Score: 1, Insightful

    Just because I hate it when people do this:

    WHOOOOSH!!!

    Sorry about that...

  2. Re:Was it really a bug back then? by QuantumG · · Score: 5, Insightful

    If you overflow a buffer then it's a bug, whether it is exploitable or not.

    --
    How we know is more important than what we know.

  3. Re:bad omen by p0tat03 · · Score: 2, Insightful

    Or we're so painfully slow with fixing bugs that we JUST got around to 1975 :P There are always multiple views :P

  4. ERRATA by Zero__Kelvin · · Score: 2, Insightful

    I'll catch myself before someone else does. Everything I said above is true, except that ls isn't complaining. The OS, specifically exec() and friends, is complaining because the command line length when the shell expands the wildcard exceeds ARG_MAX. Increase ARG_MAX if you want to allow more files, or use a variation of find with the -exec option or xargs, etc.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun

  5. Re:bad omen by incripshin · · Score: 3, Insightful

    Well, they're not checking yacc for bugs for the hell of it. They're reimplementing malloc to be more efficient, but it broke buggy code. Is there any other option than to fix yacc?