Date: Fri, 20 Oct 1995 14:41:00 +1000
From: Bruce Evans <bde@zeta.org.au>
To: davidg@Root.COM, nate@elite.net
Cc: security@freebsd.org
Subject: Re: statustatus of syslog patch?
Message-ID: <199510200441.OAA15709@godzilla.zeta.org.au>

>>What is the status of the patch for the buffer overflow in syslog()?
>>I checked FreeBSD-current as of 10/19 and the sccs id still says:
>>"@(#)syslog.c 8.4 (Berkeley) 3/18/94"

>   It'll say that until the end of time...that's Berkeley's ID. Our ID's are
>in the form of "$Id: <blah blah> $"...we use cvs/RCS (not SCCS). Not all of
>our source files have $Id$'s in them; we haven't gotten around to adding them
>yet. syslog.c is one of the ones that doesn't have $Id$.

I dislike adding $Id$ to files that we haven't otherwise changed, and other
changes like the whitespace changes that touched hundreds of files. Such
changes make it hard to see what has really changed.

>>Does anyone plan to integrate it into the source tree? If not, can someone
>>please send me a copy of syslog.c that safely and intelligently uses
>>snprintf to limit buffer overflows?

>   It has already been integrated.

It actually uses fwopen(), not the primitive snprintf().

Bruce