Date: Thu, 4 Oct 2001 13:47:10 -0400 From: Mike Barcroft <mike@FreeBSD.ORG> To: "Todd C. Miller" <Todd.Miller@courtesan.com> Cc: Peter Pentchev <roam@ringlet.net>, freebsd-net@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG Subject: Re: [CFR] whois(1) out-of-bound access patch Message-ID: <20011004134710.C31795@coffee.q9media.com> In-Reply-To: <200110041650.f94GoL10010161@xerxes.courtesan.com>; from Todd.Miller@courtesan.com on Thu, Oct 04, 2001 at 10:50:20AM -0600 References: <20011004121640.C1959@ringworld.oblivion.bg> <20011004121933.B31795@coffee.q9media.com> <200110041650.f94GoL10010161@xerxes.courtesan.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Todd C. Miller <Todd.Miller@courtesan.com> writes: > In message <20011004121933.B31795@coffee.q9media.com> > so spake Mike Barcroft (mike): > > > Would you please test the attached patch and confirm that it solves > > the problem? If it does, I'll commit it today. > > I doubt that is sufficient as "buf" is treated as a NUL terminated > string in the calls to strstr(). Also note that it is not necessary > to copy the buffer each time as in the original patch. You can > only get a line w/o a newline as the last line before EOF. We could always implement strnstr(). I think I prefer it to the malloc(3) the final line kludge. BTW, are you interested in syncing OpenBSD's whois(1) with FreeBSD's at some point? I've added some really useful features, particularly the -c option and recursive IP lookups. Best regards, Mike Barcroft To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011004134710.C31795>