Date: 21 Oct 1995 15:08:40 +0800
From: peter@haywire.dialix.com (Peter Wemm)
To: freebsd-security@freebsd.org
Subject: Re: statustatus of syslog patch?
Message-ID: <46a69o$7de$1@haywire.DIALix.COM>
References: <199510200307.UAA15977@elite.net>

nate@elite.net (Nate Lawson) writes:
>What is the status of the patch for the buffer overflow in syslog()?
>I checked FreeBSD-current as of 10/19 and the sccs id still says:
>"@(#)syslog.c 8.4 (Berkeley) 3/18/94"
>Does anyone plan to integrate it into the source tree? If not, can someone
>please send me a copy of syslog.c that safely and intelligently uses
>snprintf to limit buffer overflows?
>Thanks,
>Nate
>E. Admin

Whoops. I forgot to add/change the file ID when I fixed it before.

The FreeBSD version is (IMHO) better than the snprintf() version because it
more efficiently checks for buffer overruns at every point that the buffer
is written to, by way of the 4.4BSD specific fwopen() library call.

-Peter
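
The approach described in the reply above, as an added example that is not the FreeBSD syslog.c code and not part of the original message: a stdio stream whose write hook enforces the buffer bound, so every formatted write into the buffer is clipped in one place. `struct bounded`, `bounded_write` and `build_line` are hypothetical names; on glibc the example assumes `fopencookie()` as a stand-in for the 4.4BSD `fwopen()` call.

```c
#define _GNU_SOURCE             /* glibc: exposes fopencookie() */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical cookie: write position and bytes left in the caller's buffer. */
struct bounded { char *next; size_t left; int truncated; };

#ifdef __GLIBC__
static ssize_t bounded_write(void *cookie, const char *src, size_t n)
#else                           /* 4.4BSD funopen()/fwopen() hook signature */
static int bounded_write(void *cookie, const char *src, int n)
#endif
{
    struct bounded *b = cookie;
    size_t want = (size_t)n, take = want < b->left ? want : b->left;

    memcpy(b->next, src, take);         /* never copies past the buffer end */
    b->next += take;
    b->left -= take;
    if (take < want) b->truncated = 1;
    return n;                           /* claim success; excess is dropped */
}

/* Build "tag: message" in buf[size]; 0 if it fit, 1 if truncated, -1 on error. */
int build_line(char *buf, size_t size, const char *tag, const char *fmt, ...)
{
    struct bounded b = { buf, size ? size - 1 : 0, 0 };  /* keep room for NUL */
    va_list ap;
    FILE *fp;
    if (size == 0)
        return -1;
#ifdef __GLIBC__
    cookie_io_functions_t io = { NULL, bounded_write, NULL, NULL };
    fp = fopencookie(&b, "w", io);
#else
    fp = fwopen(&b, bounded_write);
#endif
    if (fp == NULL)
        return -1;
    fprintf(fp, "%s: ", tag);           /* every write goes through the hook */
    va_start(ap, fmt);
    vfprintf(fp, fmt, ap);
    va_end(ap);
    fclose(fp);                         /* flushes buffered output to the hook */
    *b.next = '\0';
    return b.truncated;
}
```
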