From owner-freebsd-security Wed Nov 24 0: 4:20 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 399FB15180
	for ; Wed, 24 Nov 1999 00:04:07 -0800 (PST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.9.3/8.9.3) with ESMTP id BAA12123;
	Wed, 24 Nov 1999 01:03:23 -0700 (MST)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
	by harmony.village.org (8.9.3/8.8.3) with ESMTP id BAA19086;
	Wed, 24 Nov 1999 01:03:43 -0700 (MST)
Message-Id: <199911240803.BAA19086@harmony.village.org>
To: John Hay
Subject: Re: Overflow in banner(1)
Cc: security@FreeBSD.ORG
In-reply-to: Your message of "Sat, 24 Nov 1999 09:58:51 +0200." <199911240758.JAA96963@zibbi.mikom.csir.co.za>
References: <199911240758.JAA96963@zibbi.mikom.csir.co.za>
Date: Wed, 24 Nov 1999 01:03:43 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199911240758.JAA96963@zibbi.mikom.csir.co.za> John Hay writes:
: > In message <19991123224424.B51939@dragon.nuxi.com> "David O'Brien" writes:
: > : On Tue, Nov 23, 1999 at 09:15:35PM -0800, Kris Kennaway wrote:
: > : > - (void)fgets(message, sizeof(message), stdin);
: > : > + (void)fgets(message, MAXMSG, stdin);
: > :
: > : There is nothing wrong with the original line here. Please don't change
: > : things that are fine just to change them. We don't want to obfuscate the fix.
: >
: > In fact, the original line is safer than the replaced line. It is
: > safer because message's size might change from MAXMSG to MAXBUF or 24.
: > If you hardwire MAXMSG like this, painful experience has shown that
: > you will get burned.
:
: Well the original line is plain wrong if Brian's patch is being used,
: because there message is a pointer and the size of a pointer is 4.

But the line is wrong in Kris' message because he has a fixed buffer.
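
Review bot: the `+` line changes the `fgets` bound from `sizeof(message)` to the constant `MAXMSG`, which detaches the bound from the buffer it protects; the declaration of `message` is not part of this hunk, so nothing visible here shows that the two agree. If `message` stays an array, keep `sizeof(message)` so the bound follows any later resize. If `message` becomes a pointer, pass a size that is stored together with the allocation rather than either `sizeof(message)` or a bare constant.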
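
The point the thread turns on, as an added example (not code from banner(1) or from either patch discussed above): `sizeof(message)` is a correct `fgets` bound only while `message` is an array. The value of `MAXMSG`, the function names and the sample line are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXMSG 1024   /* name taken from the thread; the value is assumed */

/* Constructed input: put `text` in a temporary file, rewound for reading. */
FILE *input_with(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL && fputs(text, fp) != EOF)
        rewind(fp);
    return fp;
}

/* Fixed array: sizeof(message) is the array size and follows any resize. */
size_t read_array(FILE *in)
{
    char message[MAXMSG];
    return fgets(message, sizeof(message), in) ? strlen(message) : 0;
}

/* Allocated buffer: with use_sizeof the bound is sizeof(char *), not msgsize. */
size_t read_pointer(FILE *in, size_t msgsize, int use_sizeof)
{
    char *message = malloc(msgsize);
    size_t bound = use_sizeof ? sizeof(message) : msgsize;
    size_t n = 0;
    if (message != NULL && fgets(message, (int)bound, in) != NULL)
        n = strlen(message);
    free(message);
    return n;
}

int main(void)
{
    FILE *in = input_with("a constructed message line\n");
    if (in == NULL)
        return 1;
    printf("array, sizeof:     %zu bytes read\n", read_array(in));
    rewind(in);
    printf("pointer, sizeof:   %zu bytes read\n", read_pointer(in, MAXMSG, 1));
    rewind(in);
    printf("pointer, own size: %zu bytes read\n", read_pointer(in, MAXMSG, 0));
    fclose(in);
    return 0;
}
```

With a pointer, the `sizeof` form silently truncates input to one byte less than the pointer size; if the allocation were smaller than a pointer, the same expression would instead let `fgets` write past the end of the buffer.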