Date: Fri, 01 Sep 1995 11:32:09 -0700
From: Eric Allman <eric@cs.berkeley.edu>
To: Karl Strickland <karl@bagpuss.demon.co.uk>
Cc: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>, peter@haywire.dialix.com, freebsd-security@freebsd.org
Subject: Re: Eric Allman's syslog.c fixes
Message-ID: <199509011832.LAA00429@mastodon.CS.Berkeley.EDU>
In-Reply-To: Mail from Karl Strickland <karl@bagpuss.demon.co.uk> dated Fri, 01 Sep 1995 07:42:59 BST <199509010643.HAA08351@bagpuss.demon.co.uk>

My take is that the copied fmt string should not be a problem, because
applications shouldn't be allowing the user to specify it (if they did,
users could drop in gratuitous `%'s).  The only reason this is needed is
to get %m, which wouldn't have been necessary in the first case if
strerror() had existed, or if I had had the sense to implement that sort
of routine instead of the special-purpose %m hack.  Of course, it's
always a good idea to bounds check -- I'm just saying that I doubt that
this will be a serious problem in real life.

eric

============= In Reply To: ==============================================
: From: Karl Strickland <karl@bagpuss.demon.co.uk>
: Subject: Re: Eric Allman's syslog.c fixes
: Date: Fri, 1 Sep 1995 07:42:59 +0100 (BST)
:
: > > Eric Allman is running a new syslog.c through the mill at the
: > > moment.  It'll be the one published in the RSN CERT advisory I presume.
: > >
: > > It's thought to be bombproof on 4.4BSD systems (it uses vsnprintf), and
: > > the only holdup is portability to other OS's.
: > >
: > > I keep a pretty close eye on this area, as it's sendmail related.  Is
: > > it worth bringing in the currently 'endorsed' version, and updating it
: > > to the CERT version if there are any changes later?
: >
: > Yes, that would give Eric additional test data and eyes looking at
: > the solution.
:
: I think that the fmt string should also be bounds checked - there is still
: no bounds check on the copy from the user supplied fmt string into the
: internal buffer.  Having said that, I'm not aware of anything that lets
: the user mess with the fmt string, but I think it makes sense to fix it
: at this point.
:
: Other than that, it looks good to me -- I did a make world (yes, I know
: it's extreme :)) with it and it's been going without problems for > 24 hours..
:
: --
: ------------------------------------------+-----------------------------------
: Mailed using ELM on FreeBSD               |                   Karl Strickland
: PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
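
The bounds check discussed in this thread, sketched as an added example; it is not part of the original messages and is not Eric Allman's syslog.c. The names `expand_m` and `format_log` and the 64-byte `FMT_CPY_MAX` are hypothetical, chosen only to show a bounded copy of the fmt string with %m expansion followed by vsnprintf.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_CPY_MAX 64   /* assumed size of the internal format buffer */

/* Hypothetical helper: copy fmt into out, replacing %m with strerror(err).
 * Never writes past out[outsz - 1]. Returns 0 if all of fmt fit, else -1. */
static int expand_m(char *out, size_t outsz, const char *fmt, int err)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    while (*fmt != '\0') {
        size_t room = outsz - 1 - used;     /* bytes left before the NUL */
        if (fmt[0] == '%' && fmt[1] == 'm') {
            const char *msg = strerror(err);
            size_t n = strlen(msg);
            if (n > room) break;            /* expansion would overflow */
            memcpy(out + used, msg, n);
            used += n;
            fmt += 2;
        } else if (fmt[0] == '%' && fmt[1] == '%') {
            if (room < 2) break;            /* keep "%%" whole: "%%m" is not %m */
            out[used++] = *fmt++;
            out[used++] = *fmt++;
        } else {
            if (room < 1) break;
            out[used++] = *fmt++;
        }
    }
    out[used] = '\0';
    return *fmt == '\0' ? 0 : -1;
}

/* Hypothetical syslog-style formatter. Returns 0 on success, -1 if fmt did
 * not fit; a cut-off format may end mid-conversion, so it is never used. */
static int format_log(char *dst, size_t dstsz, int err, const char *fmt, ...)
{
    char fmt_cpy[FMT_CPY_MAX];
    va_list ap;
    if (dstsz == 0) return -1;
    if (expand_m(fmt_cpy, sizeof fmt_cpy, fmt, err) != 0) {
        dst[0] = '\0';
        return -1;
    }
    va_start(ap, fmt);
    vsnprintf(dst, dstsz, fmt_cpy, ap);     /* bounded write of the final text */
    va_end(ap);
    return 0;
}
```

Rejecting an oversized format outright, rather than logging a truncated one, avoids handing vsnprintf a string that ends in half a conversion specifier.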