Date: Thu, 09 Aug 2001 11:09:39 +0100 From: Mark Murray <mark@grondar.za> To: Mike Barcroft <mike@FreeBSD.ORG> Cc: audit@FreeBSD.ORG Subject: Re: login(1) changes Message-ID: <200108091009.f79A9dW00872@grimreaper.grondar.za> In-Reply-To: <20010809010358.A18538@coffee.q9media.com> ; from Mike Barcroft <mike@FreeBSD.ORG> "Thu, 09 Aug 2001 01:03:58 EDT." References: <20010809010358.A18538@coffee.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> ---------------------------------------------------------------------- > > login.20010808-rev2.patch > > o Replace occurrences of strncpy(3) with strlcpy(3); most of > the uses of it were wrong anyway. > o Always check for NULL returns on strdup(3). > o Fix a possible buffer overflow in strcpy(3). > o Fix a format string vulnerability. > o t->ty_type in stypeof() could be NULL and eventually cause > a segmentation fault in setenv(3), so check for that. > > Index: login/login.c I have not run this, but looking over it, it all looks pretty sane. Personally, I'd also push for a s/(void)foo()/foo()/, s/foo __P((X))/foo(X)/ and ansification, but this is OK. M -- Mark Murray Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108091009.f79A9dW00872>