Date:      Fri, 09 Jun 2000 10:54:22 -0400
From:      John Holland <john@zoner.org>
To:        ports@FreeBSD.org, freebsd-ports@FreeBSD.ORG
Subject:   Hylafax security audit
Message-ID:  <4.3.1.0.20000609101719.00ae4900@pop.mindspring.com>

Hylafax has been marked BROKEN/FORBIDDEN since 12/1/1999 due to a setuid 
uucp buffer overflow in faxalter.  The fix for that overflow is trivial, 
but I noticed a number of other unchecked string copies in other 
portions of the code.  I'd like to fix the buffer overflows so FreeBSD can 
have a secure port of Hylafax.

Is anyone else working on this?  Is Hylafax doing anything about this?

Are there any functions other than these which I should check?

strcpy
strcat
getwd
gets
scanf
fscanf
vscanf
realpath
sprintf
vsprintf
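
Added example, not part of the original message and not HylaFAX code: a small shell helper that lists every call site of the functions named above as `file:line:function`, giving an audit a worklist to triage. The function name `audit_unsafe_calls`, the file extensions searched and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Function names are the ones listed in the message.
UNSAFE='strcpy|strcat|getwd|gets|scanf|fscanf|vscanf|realpath|sprintf|vsprintf'

# audit_unsafe_calls DIR
# Prints file:line:function for each call to a listed function under DIR.
# A name only counts when it is not part of a longer identifier, so
# snprintf, strlcpy, sscanf and fgets are not reported.
# Assumption: sources end in .c, .h or .c++.
audit_unsafe_calls() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' -o -name '*.c++' \) \
        -exec awk -v names="$UNSAFE" '
        BEGIN { re = "(^|[^A-Za-z0-9_])(" names ")[ \t]*[(]" }
        {
            rest = $0
            while (match(rest, re)) {
                hit = substr(rest, RSTART, RLENGTH)
                sub(/^[^A-Za-z_]/, "", hit)   # drop the leading delimiter
                sub(/[ \t]*[(]$/, "", hit)    # drop the opening parenthesis
                printf "%s:%d:%s\n", FILENAME, FNR, hit
                rest = substr(rest, RSTART + RLENGTH)
            }
        }' {} +
}

# Constructed sample input (not taken from any real project).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample.c" <<'EOF'
#include <stdio.h>
#include <string.h>
void f(const char *in) {
    char buf[64], out[128];
    strcpy(buf, in);
    snprintf(out, sizeof out, "%s", buf);
    sprintf (out, "%s/%s", buf, in);
    strlcpy(buf, in, sizeof buf);
    if (sscanf(in, "%63s", buf) == 1) strcat(out, buf);
    my_gets(buf);
}
EOF
audit_unsafe_calls "$demo_dir"   # reports lines 5, 7 and 9 only
rm -rf "$demo_dir"
```

The match is textual, so names inside comments or string literals are also reported; each hit still needs a manual check of the destination buffer size.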


