33-Year-Old Unix Bug Fixed In OpenBSD

Ste sends along the cheery little story of Otto Moerbeek, one of the OpenBSD developers, who recently found and fixed a 33-year-old buffer overflow bug in Yacc. "But if the stack is at maximum size, this will overflow if an entry on the stack is larger than the 16 bytes leeway my malloc allows. In the case of of C++ it is 24 bytes, so a SEGV occurred. Funny thing is that I traced this back to Sixth Edition UNIX, released in 1975."

Re:bad omen

[Anonymous Coward]

Just because I hate it when people do this:

WHOOOOSH!!!

Sorry about that...

Re:Was it really a bug back then?

[QuantumG]

If you overflow a buffer then it's a bug, whether it is exploitable or not.

Re:bad omen

[p0tat03]

Or we're so painfully slow with fixing bugs that we JUST got around to 1975 :P There are always multiple views :P

ERRATA

[Zero__Kelvin]

I'll catch myself before someone else does. Everything I said above is true, except that ls isn't complaining. The OS, specifically exec() and friends, is complaining because the command line length when the shell expands the wildcard exceeds ARG_MAX. Increase ARG_MAX if you want to allow more files, or use a variation of find with the -exec option or xargs, etc.

Re:bad omen

[incripshin]

Well, they're not checking yacc for bugs for the hell of it. They're reimplementing malloc to be more efficient, but it broke buggy code. Is there any other option than to fix yacc?