Date: Wed, 24 Nov 1999 01:03:43 -0700
From: Warner Losh <imp@village.org>
To: John Hay <jhay@mikom.csir.co.za>
Cc: security@FreeBSD.ORG
Subject: Re: Overflow in banner(1)
Message-ID: <199911240803.BAA19086@harmony.village.org>
In-Reply-To: Your message of "Sat, 24 Nov 1999 09:58:51 +0200." <199911240758.JAA96963@zibbi.mikom.csir.co.za>
References: <199911240758.JAA96963@zibbi.mikom.csir.co.za>

In message <199911240758.JAA96963@zibbi.mikom.csir.co.za> John Hay writes:
: > In message <19991123224424.B51939@dragon.nuxi.com> "David O'Brien" writes:
: > : On Tue, Nov 23, 1999 at 09:15:35PM -0800, Kris Kennaway wrote:
: > : > - (void)fgets(message, sizeof(message), stdin);
: > : > + (void)fgets(message, MAXMSG, stdin);
: > :
: > : There is nothing wrong with the original line here. Please don't change
: > : things that are fine just to change them. We don't want to obfuscate the fix.
: >
: > In fact, the original line is safer than the replaced line. It is
: > safer because message's size might change from MAXMSG to MAXBUF or 24.
: > If you hardwire MAXMSG like this, painful experience has shown that
: > you will get burned.
:
: Well the original line is plain wrong if Brian's patch is being used,
: because there message is a pointer and the size of a pointer is 4.

But the line is wrong in Kris' message because he has a fixed buffer.
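
Review bot: on the + line, the fgets() bound changes from sizeof(message) to MAXMSG, which is only correct while message is declared with exactly MAXMSG bytes, and that declaration is not part of this hunk. If message stays a fixed array, keep sizeof(message) so the bound follows the declaration; if message becomes a pointer, take the bound from the same value that sizes the allocation rather than repeating the constant at the call site.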
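
The array-versus-pointer point argued in this thread, as an added example that is not code from banner(1) or from any poster: the same fgets() call bounded by sizeof(message) reads the whole line when message is an array and only sizeof(char *) - 1 characters when message is a pointer. The MAXMSG value, the sample line and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAXMSG 1024   /* assumed value; the thread does not state it */
/* Constructed sample input: one 40-character line plus newline. */
static const char SAMPLE[] = "0123456789012345678901234567890123456789\n";

/* Fixed array, as in the original banner(1) line: sizeof is the array size. */
size_t read_fixed_array(FILE *fp)
{
    char message[MAXMSG];
    return fgets(message, sizeof(message), fp) ? strlen(message) : 0;
}

/* message is a pointer: sizeof(message) is sizeof(char *), the read is cut short. */
size_t read_pointer_sizeof(char *message, FILE *fp)
{
    return fgets(message, sizeof(message), fp) ? strlen(message) : 0;
}

/* A pointer carries no size, so the capacity travels with it. */
size_t read_pointer_tracked(char *message, size_t cap, FILE *fp)
{
    return fgets(message, (int)cap, fp) ? strlen(message) : 0;
}

/* Run one variant on a fresh copy of the sample; returns characters read. */
size_t run_variant(int variant)
{
    char buf[MAXMSG];                 /* stands in for the allocated buffer */
    FILE *fp = tmpfile();
    size_t n = 0;
    if (fp == NULL)
        return 0;
    fputs(SAMPLE, fp);
    rewind(fp);
    if (variant == 0)      n = read_fixed_array(fp);
    else if (variant == 1) n = read_pointer_sizeof(buf, fp);
    else                   n = read_pointer_tracked(buf, sizeof(buf), fp);
    fclose(fp);
    return n;
}

int main(void)
{
    printf("array+sizeof=%zu pointer+sizeof=%zu pointer+cap=%zu\n",
           run_variant(0), run_variant(1), run_variant(2));
    return 0;
}
```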