Date: Wed, 07 Feb 2001 18:00:49 -0500 (EST)
From: Mike Heffner
Subject: RE: lam(1) patch
To: Mike Heffner
Cc: FreeBSD-audit

On 26-Jan-2001 Mike Heffner wrote:
|
| The following patch fixes the following:
|
| - sprintf() -> snprintf()
| - manual (unbounded) while() loop string copying -> strlcpy()
| - use tolower() rather than bit or'ing
| - sanity check the user specified printf() format
| - prevent walking off end of inputfile array
| - some other string bounds issues
|
| Reviews please?
|
|
| Also available from:
| http://filebox.vt.edu/users/mheffner/patches/lam.patch

Any objections to me committing this? Also, should I follow it up with a
de-__P() patch?

--
Mike Heffner
Blacksburg, VA
http://filebox.vt.edu/users/mheffner
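
An added example, not part of the patch in this message or of the lam(1) source: one way to do the "sanity check the user specified printf() format" and "sprintf() -> snprintf()" items from the list above. It assumes the user supplies a min.max field spec that the program wraps into a %<spec>s conversion; valid_field_spec(), format_field() and the MAXDIGITS limit are hypothetical names chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>

#define MAXDIGITS 4	/* constructed limit: width/precision up to 9999 */

/* Skip up to MAXDIGITS decimal digits; NULL if the run is longer. */
static const char *
skip_digits(const char *p)
{
	int n = 0;

	while (isdigit((unsigned char)*p)) {
		if (++n > MAXDIGITS)
			return (NULL);
		p++;
	}
	return (p);
}

/* Accept only [-][digits][.[digits]], so no '%', '*', 'n' or length modifier. */
int
valid_field_spec(const char *p)
{
	if (*p == '-')
		p++;
	if ((p = skip_digits(p)) == NULL)
		return (0);
	if (*p == '.' && (p = skip_digits(p + 1)) == NULL)
		return (0);
	return (*p == '\0');
}

/* Format text as "%<spec>s" into out; length, or -1 on bad spec or truncation. */
int
format_field(char *out, size_t outlen, const char *spec, const char *text)
{
	char fmt[16];	/* longest accepted result is "%-9999.9999s" (12 chars) */
	int n;

	if (!valid_field_spec(spec))
		return (-1);
	n = snprintf(fmt, sizeof(fmt), "%%%ss", spec);
	if (n < 0 || (size_t)n >= sizeof(fmt))
		return (-1);
	n = snprintf(out, outlen, fmt, text);
	/* snprintf returns the length it needed; >= outlen means truncated. */
	return ((n < 0 || (size_t)n >= outlen) ? -1 : n);
}
```

Because the spec is checked against a fixed grammar before it reaches snprintf(), the only conversion in the generated format is the single %s the program added, and both the format buffer and the output buffer report truncation instead of overflowing.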