From owner-freebsd-security Thu Oct 19 20:04:58 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA12184 for security-outgoing; Thu, 19 Oct 1995 20:04:58 -0700 Received: from elite.net (root@elite.net [205.199.220.1]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA12176 for ; Thu, 19 Oct 1995 20:04:51 -0700 Received: (from nate@localhost) by elite.net (8.6.12/ELITE) id UAA15977 for security@freebsd.org; Thu, 19 Oct 1995 20:07:34 -0700 Date: Thu, 19 Oct 1995 20:07:34 -0700 From: Nate Lawson Message-Id: <199510200307.UAA15977@elite.net> To: security@freebsd.org Subject: statustatus of syslog patch? Sender: owner-security@freebsd.org Precedence: bulk What is the status of the patch for the buffer overflow in syslog()? I checked FreeBSD-current as of 10/19 and the sccs id still says: "@(#)syslog.c 8.4 (Berkeley) 3/18/94" Does anyone plan to integrate it into the source tree? If not, can someone please send me a copy of syslog.c that safely and intelligently uses snprintf to limit buffer overflows? Thanks, Nate E. Admin From owner-freebsd-security Thu Oct 19 20:32:13 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA13214 for security-outgoing; Thu, 19 Oct 1995 20:32:13 -0700 Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA13208 for ; Thu, 19 Oct 1995 20:32:03 -0700 Received: from corbin.Root.COM (corbin [198.145.90.50]) by Root.COM (8.6.12/8.6.5) with ESMTP id UAA29466; Thu, 19 Oct 1995 20:32:00 -0700 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id UAA02698; Thu, 19 Oct 1995 20:31:12 -0700 Message-Id: <199510200331.UAA02698@corbin.Root.COM> To: Nate Lawson cc: security@freebsd.org Subject: Re: statustatus of syslog patch? In-reply-to: Your message of "Thu, 19 Oct 95 20:07:34 PDT." <199510200307.UAA15977@elite.net> From: David Greenman Reply-To: davidg@Root.COM Date: Thu, 19 Oct 1995 20:31:11 -0700 Sender: owner-security@freebsd.org Precedence: bulk >What is the status of the patch for the buffer overflow in syslog()? >I checked FreeBSD-current as of 10/19 and the sccs id still says: >"@(#)syslog.c 8.4 (Berkeley) 3/18/94" It'll say that until the end of time...that's Berkeley's ID. Our ID's are in the form of "$Id: $"...we use cvs/RCS (not SCCS). Not all of our source files have $Id$'s in them; we haven't gotten around to adding them yet. >Does anyone plan to integrate it into the source tree? If not, can someone >please send me a copy of syslog.c that safely and intelligently uses >snprintf to limit buffer overflows? It has already been integrated. -DG From owner-freebsd-security Thu Oct 19 21:43:42 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id VAA15348 for security-outgoing; Thu, 19 Oct 1995 21:43:42 -0700 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA15342 for ; Thu, 19 Oct 1995 21:43:35 -0700 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id OAA15709; Fri, 20 Oct 1995 14:41:00 +1000 Date: Fri, 20 Oct 1995 14:41:00 +1000 From: Bruce Evans Message-Id: <199510200441.OAA15709@godzilla.zeta.org.au> To: davidg@Root.COM, nate@elite.net Subject: Re: statustatus of syslog patch? Cc: security@freebsd.org Sender: owner-security@freebsd.org Precedence: bulk >>What is the status of the patch for the buffer overflow in syslog()? >>I checked FreeBSD-current as of 10/19 and the sccs id still says: >>"@(#)syslog.c 8.4 (Berkeley) 3/18/94" > It'll say that until the end of time...that's Berkeley's ID. Our ID's are >in the form of "$Id: $"...we use cvs/RCS (not SCCS). Not all of >our source files have $Id$'s in them; we haven't gotten around to adding them >yet. syslog.c is one of the ones that doesn't have $Id$. I dislike adding $Id$ to files that we haven't otherwise changed, and otherwise changes like the whitespace changes that touched hundreds of files. Such changes make it hard to see what has really changed. >>Does anyone plan to integrate it into the source tree? If not, can someone >>please send me a copy of syslog.c that safely and intelligently uses >>snprintf to limit buffer overflows? > It has already been integrated. It actually uses fwopen(), not the primitive snprintf(). Bruce From owner-freebsd-security Thu Oct 19 21:59:46 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id VAA15643 for security-outgoing; Thu, 19 Oct 1995 21:59:46 -0700 Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA15637 for ; Thu, 19 Oct 1995 21:59:43 -0700 Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.12/8.6.12) with SMTP id VAA20768; Thu, 19 Oct 1995 21:58:26 -0700 Message-Id: <199510200458.VAA20768@precipice.shockwave.com> To: Nate Lawson cc: security@freebsd.org Subject: Re: statustatus of syslog patch? In-reply-to: Your message of "Thu, 19 Oct 1995 20:07:34 PDT." <199510200307.UAA15977@elite.net> Date: Thu, 19 Oct 1995 21:58:26 -0700 From: Paul Traina Sender: owner-security@freebsd.org Precedence: bulk We're not using snprintf(). I don't understand, I thought peter had incorporated his version, as his is far supperior to what Eric or I proposed. peter? From: Nate Lawson Subject: statustatus of syslog patch? What is the status of the patch for the buffer overflow in syslog()? I checked FreeBSD-current as of 10/19 and the sccs id still says: "@(#)syslog.c 8.4 (Berkeley) 3/18/94" Does anyone plan to integrate it into the source tree? If not, can someone please send me a copy of syslog.c that safely and intelligently uses snprintf to limit buffer overflows? Thanks, Nate E. Admin From owner-freebsd-security Sat Oct 21 00:32:34 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id AAA08002 for security-outgoing; Sat, 21 Oct 1995 00:32:34 -0700 Received: from haywire.DIALix.COM (news@haywire.DIALix.COM [192.203.228.65]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id AAA07363 for ; Sat, 21 Oct 1995 00:28:58 -0700 Received: (from news@localhost) by haywire.DIALix.COM (sendmail) id PAA08434 for freebsd-security@freebsd.org; Sat, 21 Oct 1995 15:26:23 +0800 (WST) Received: from GATEWAY by haywire.DIALix.COM with netnews for freebsd-security@freebsd.org (problems to: usenet@haywire.dialix.com) To: freebsd-security@freebsd.org Date: 21 Oct 1995 15:08:40 +0800 From: peter@haywire.dialix.com (Peter Wemm) Message-ID: <46a69o$7de$1@haywire.DIALix.COM> Organization: DIALix Services, Perth, Australia. References: <199510200307.UAA15977@elite.net> Subject: Re: statustatus of syslog patch? Sender: owner-security@freebsd.org Precedence: bulk nate@elite.net (Nate Lawson) writes: >What is the status of the patch for the buffer overflow in syslog()? >I checked FreeBSD-current as of 10/19 and the sccs id still says: >"@(#)syslog.c 8.4 (Berkeley) 3/18/94" >Does anyone plan to integrate it into the source tree? If not, can someone >please send me a copy of syslog.c that safely and intelligently uses >snprintf to limit buffer overflows? >Thanks, >Nate >E. Admin Whoops. I forgot to add/change the file ID when I fixed it before. The FreeBSD version is (IMHO) better than the snprintf() version because it more efficiently checks for buffer overruns at every point that the buffer is written to, by way of the 4.4BSD specific fwopen() library call. -Peter