From owner-freebsd-security  Thu Oct 19 21:59:46 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id VAA15643
          for security-outgoing; Thu, 19 Oct 1995 21:59:46 -0700
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA15637
          for <security@freebsd.org>; Thu, 19 Oct 1995 21:59:43 -0700
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.12/8.6.12) with SMTP id VAA20768; Thu, 19 Oct 1995 21:58:26 -0700
Message-Id: <199510200458.VAA20768@precipice.shockwave.com>
To: Nate Lawson <nate@elite.net>
cc: security@freebsd.org
Subject: Re: statustatus of syslog patch? 
In-reply-to: Your message of "Thu, 19 Oct 1995 20:07:34 PDT."
             <199510200307.UAA15977@elite.net> 
Date: Thu, 19 Oct 1995 21:58:26 -0700
From: Paul Traina <pst@shockwave.com>
Sender: owner-security@freebsd.org
Precedence: bulk

We're not using snprintf().  I don't understand, I thought peter had
incorporated his version, as his is far supperior to what Eric or I
proposed.

peter?

  From: Nate Lawson <nate@elite.net>
  Subject: statustatus of syslog patch?
  What is the status of the patch for the buffer overflow in syslog()?
  I checked FreeBSD-current as of 10/19 and the sccs id still says:
  "@(#)syslog.c    8.4 (Berkeley) 3/18/94"
  
  Does anyone plan to integrate it into the source tree?  If not, can someone
  please send me a copy of syslog.c that safely and intelligently uses
  snprintf to limit buffer overflows?
  
  Thanks,
  Nate
  E. Admin