2:03 PM - CVE-2011-3336
I just patched CVE-2011-3336.
This could be used as a denial-of-service attack against FTP servers or anything else that uses regular expressions from libc. A "bad" regex can consume massive amounts of memory.
The fix has been committed to CURRENT. I want to test this further before applying it to 0.3, but if you have a public-facing system, you may wish to grab the following file and rebuild libc:
http://www.midnightbsd.org/cgi-bin/cvsweb.cgi/src/lib/libc/regex/regcomp.c?rev=1.3;content-type=text%2Fplain
The patch does pass the regression tests, but I'm not certain the memory limit calculation is correct. Our implementation is a bit different than NetBSD's, as it supports wide characters.
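For services that must hand untrusted patterns to libc's `regcomp()` before a patched libc is in place, the compile can be isolated in a resource-capped child process. This is an added example, not the MidnightBSD patch and not code from this post; the names `vet_pattern` and `MAX_PATTERN_LEN` and the limit values are assumptions chosen for illustration.

```c
#include <regex.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_PATTERN_LEN 256   /* assumed policy limit, not taken from the patch */

enum vet_result { VET_OK = 0, VET_TOO_LONG, VET_INVALID, VET_RESOURCE, VET_ERROR };

/* Compile `pattern` in a throwaway child whose address space and CPU time
 * are capped, so a pattern that makes regcomp() balloon cannot exhaust
 * memory in the parent (for example an FTP daemon). */
enum vet_result vet_pattern(const char *pattern, rlim_t mem_bytes, rlim_t cpu_secs)
{
    if (strlen(pattern) > MAX_PATTERN_LEN)
        return VET_TOO_LONG;

    pid_t pid = fork();
    if (pid < 0)
        return VET_ERROR;

    if (pid == 0) {                       /* child: apply limits, then compile */
        struct rlimit mem = { mem_bytes, mem_bytes };
        struct rlimit cpu = { cpu_secs, cpu_secs };
        regex_t re;

        if (setrlimit(RLIMIT_AS, &mem) != 0 || setrlimit(RLIMIT_CPU, &cpu) != 0)
            _exit(VET_ERROR);
        int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
        if (rc == 0)
            _exit(VET_OK);
        _exit(rc == REG_ESPACE ? VET_RESOURCE : VET_INVALID);
    }

    int status;
    if (waitpid(pid, &status, 0) != pid)
        return VET_ERROR;
    if (WIFSIGNALED(status))              /* SIGSEGV, SIGXCPU or SIGKILL: a cap was hit */
        return VET_RESOURCE;
    return WIFEXITED(status) ? (enum vet_result)WEXITSTATUS(status) : VET_ERROR;
}
```

A pattern that returns `VET_OK` still has to be compiled again in the parent, so the caps should be set well below what the parent itself can afford.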