| -----Original Message-----
| From: Tom [mailto:tom@lemuria.org]
| Sent: Monday, June 10, 2002 4:20 AM
| To: bugtraq@securityfocus.com
| Subject: remote DoS in Mozilla 1.0
| [...]
|
| Vendor Contact
| ==============
[...]
| also filed with the XFree86 team, no reaction so far
|
|

There is chatter but the same type of question regarding "at what point
[is] a request for a font ... clearly invalid" is being asked.

---------- Forwarded message ----------
Date: Thu, 13 Jun 2002 09:46:56 +0100
From: Juliusz Chroboczek <jec@dcs.ed.ac.uk>
Reply-To: xpert@XFree86.Org
To: xpert@XFree86.Org
Subject: Re: [Xpert]abort() in libXfont 4.2.0 (was FW: remote DoS in Mozilla 1.0)

From: Juliusz Chroboczek <jec@dcs.ed.ac.uk>
Subject: Re: [bugtraq] remote DoS in Mozilla 1.0
To: devel@xfree86.org
Date: 12 Jun 2002 08:51:49 +0100

MH> Interesting problem reported on bugtraq:
MH> <http://online.securityfocus.com/archive/1/276120>

I see. Two bugs here.

One is the dodgy error-handling in the Type 1 backend, which gives up
by calling abort() (see the very end of curves.c). I agree that this
is a bug; however, as I'm hoping to phase out the current Type 1
backend in favour of one based on FreeType 2 in time for 4.3.0, I do
not intend to fix it.

The other problem is that we do not fail a priori requests for very
large fonts. I do agree that this should be done, and I think it
should be done at the common layer (above the font backends); could
anyone suggest at what point a request for a font is clearly invalid?

                                        Juliusz
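
The a priori size check discussed in the forwarded message, sketched as an added example (not code from this thread or from XFree86): it reads the PIXEL_SIZE and POINT_SIZE fields of an XLFD font name and returns an error for oversized requests before any backend is called. The function names and both caps are assumptions; the thread leaves the right threshold open.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed caps: the thread does not settle on a threshold. */
#define MAX_PIXEL_SIZE 4096L   /* PIXEL_SIZE field (7th) */
#define MAX_POINT_SIZE 40960L  /* POINT_SIZE field (8th), decipoints when scalar */

enum font_check { FONT_OK = 0, FONT_MALFORMED = -1, FONT_TOO_LARGE = -2 };

/* Start of the n-th (1-based) '-'-delimited XLFD field, or NULL. */
static const char *xlfd_field(const char *name, int n)
{
    const char *p = name;
    for (int i = 1; p != NULL && *p == '-'; i++) {
        p++;                          /* first character of field i */
        if (i == n) return p;
        p = strchr(p, '-');           /* delimiter that ends field i */
    }
    return NULL;
}

/* Check one size field: "*", a scalar, or a "[a b c d]" matrix. */
static enum font_check check_size(const char *f, long cap)
{
    char buf[128], *p, *end;
    size_t len = strcspn(f, "-");
    int seen = 0, matrix = (f[0] == '[');
    if (len == 0 || len >= sizeof buf) return FONT_MALFORMED;
    for (size_t i = 0; i < len; i++)  /* XLFD writes minus as '~' */
        buf[i] = (f[i] == '~') ? '-' : f[i];
    buf[len] = '\0';
    if (strcmp(buf, "*") == 0) return FONT_OK;  /* wildcard: no size asked */
    for (p = buf + matrix; ; p = end, seen++) {
        double v = strtod(p, &end);
        if (end == p) break;          /* no further number in the field */
        if (!(v <= (double)cap && v >= -(double)cap))
            return FONT_TOO_LARGE;    /* also catches NaN and infinity */
    }
    while (matrix && *p == ' ') p++;
    if (matrix ? (seen != 4 || strcmp(p, "]") != 0) : (seen != 1 || *p != '\0'))
        return FONT_MALFORMED;
    return FONT_OK;
}

/* Common-layer gate: callers fail the request instead of reaching a backend. */
enum font_check font_request_check(const char *xlfd)
{
    const char *px = xlfd_field(xlfd, 7), *pt = xlfd_field(xlfd, 8);
    if (px == NULL || pt == NULL) return FONT_MALFORMED;
    enum font_check r = check_size(px, MAX_PIXEL_SIZE);
    return r != FONT_OK ? r : check_size(pt, MAX_POINT_SIZE);
}
```

Resolution fields also scale the rendered size, so a production check would bound the pixel size computed from point size and resolution as well.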