From owner-freebsd-security Thu Oct 19 20:32:13 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA13214 for security-outgoing; Thu, 19 Oct 1995 20:32:13 -0700 Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA13208 for ; Thu, 19 Oct 1995 20:32:03 -0700 Received: from corbin.Root.COM (corbin [198.145.90.50]) by Root.COM (8.6.12/8.6.5) with ESMTP id UAA29466; Thu, 19 Oct 1995 20:32:00 -0700 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id UAA02698; Thu, 19 Oct 1995 20:31:12 -0700 Message-Id: <199510200331.UAA02698@corbin.Root.COM> To: Nate Lawson cc: security@freebsd.org Subject: Re: statustatus of syslog patch? In-reply-to: Your message of "Thu, 19 Oct 95 20:07:34 PDT." <199510200307.UAA15977@elite.net> From: David Greenman Reply-To: davidg@Root.COM Date: Thu, 19 Oct 1995 20:31:11 -0700 Sender: owner-security@freebsd.org Precedence: bulk >What is the status of the patch for the buffer overflow in syslog()? >I checked FreeBSD-current as of 10/19 and the sccs id still says: >"@(#)syslog.c 8.4 (Berkeley) 3/18/94" It'll say that until the end of time...that's Berkeley's ID. Our ID's are in the form of "$Id: $"...we use cvs/RCS (not SCCS). Not all of our source files have $Id$'s in them; we haven't gotten around to adding them yet. >Does anyone plan to integrate it into the source tree? If not, can someone >please send me a copy of syslog.c that safely and intelligently uses >snprintf to limit buffer overflows? It has already been integrated. -DG