Date: Thu, 19 Oct 1995 21:58:26 -0700 From: Paul Traina <pst@shockwave.com> To: Nate Lawson <nate@elite.net> Cc: security@freebsd.org Subject: Re: statustatus of syslog patch? Message-ID: <199510200458.VAA20768@precipice.shockwave.com> In-Reply-To: Your message of "Thu, 19 Oct 1995 20:07:34 PDT." <199510200307.UAA15977@elite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
We're not using snprintf(). I don't understand, I thought peter had incorporated his version, as his is far supperior to what Eric or I proposed. peter? From: Nate Lawson <nate@elite.net> Subject: statustatus of syslog patch? What is the status of the patch for the buffer overflow in syslog()? I checked FreeBSD-current as of 10/19 and the sccs id still says: "@(#)syslog.c 8.4 (Berkeley) 3/18/94" Does anyone plan to integrate it into the source tree? If not, can someone please send me a copy of syslog.c that safely and intelligently uses snprintf to limit buffer overflows? Thanks, Nate E. Admin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510200458.VAA20768>