Date: Fri, 26 Jan 2001 01:32:19 -0500 (EST)
From: Mike Heffner
Subject: Re: lam(1) patch
In-reply-to: <200101260624.f0Q6NZW05123@gratis.grondar.za>
To: Mark Murray
Cc: FreeBSD-audit

On 26-Jan-2001 Mark Murray wrote:
|> The following patch fixes the following:
|>
|> - sprintf() -> snprintf()
|> - manual (unbounded) while() loop string copying -> strlcpy()
|> - use tolower() rather than bit or'ing
|> - sanity check the user specified printf() format
|> - prevent walking off end of inputfile array
|> - some other string bounds issues
|>
|> Reviews please?
|
| Looks cool to me.
|
| While you are in there, you probably also want to blow away the "register"
| keyword(s) on the lines you are messing with.
|

Well I removed one register variable completely because it was no longer
needed, but I hadn't touched any other variables. Should I remove "register"
from some of the other variables?

--
Mike Heffner
Blacksburg, VA ICQ# 882073
http://filebox.vt.edu/users/mheffner
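
Two items from the quoted list, "sanity check the user specified printf() format" and "sprintf() -> snprintf()", sketched as an added example that is not part of this message or of the lam(1) patch under review. It assumes the user supplies only the flag/width/precision part of a %s conversion; build_format() and format_fragment() are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: turn a field spec such as "-10.20" into "%-10.20s".
 * Returns 0 on success, -1 if the spec is rejected or does not fit. */
static int
build_format(const char *spec, char *fmt, size_t fmtlen)
{
	size_t len = strlen(spec);
	int n;

	/* Only flag/width/precision characters: no '%', '*', '$' or 'n'. */
	if (len == 0 || strspn(spec, "-.0123456789") != len)
		return (-1);
	/* '-' only as the leading flag, and at most one '.'. */
	if (strchr(spec + 1, '-') != NULL || strchr(spec, '.') != strrchr(spec, '.'))
		return (-1);
	n = snprintf(fmt, fmtlen, "%%%ss", spec);
	return ((n < 0 || (size_t)n >= fmtlen) ? -1 : 0);	/* refuse truncation */
}

/* Format one fragment into a fixed buffer; -1 if it would be truncated. */
static int
format_fragment(const char *fmt, const char *frag, char *out, size_t outlen)
{
	int n = snprintf(out, outlen, fmt, frag);

	return ((n < 0 || (size_t)n >= outlen) ? -1 : n);
}

int
main(void)
{
	const char *specs[] = { "-10.4", "8", "%n", "10$*", "1.2.3" };	/* constructed */
	char fmt[16], out[32];
	size_t i;

	for (i = 0; i < sizeof(specs) / sizeof(specs[0]); i++) {
		if (build_format(specs[i], fmt, sizeof(fmt)) != 0)
			printf("%-8s rejected\n", specs[i]);
		else if (format_fragment(fmt, "fragment", out, sizeof(out)) >= 0)
			printf("%-8s %-8s [%s]\n", specs[i], fmt, out);
	}
	return (0);
}
```

Because the caller's text never reaches snprintf() as a format until it has passed the character whitelist, conversions such as %n or extra %s cannot be smuggled in, and both snprintf() return values are checked so a truncated format or output is refused rather than used.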