From owner-freebsd-audit  Thu Oct  4 10:47:14 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from coffee.q9media.com (coffee.q9media.com [216.94.229.19])
	by hub.freebsd.org (Postfix) with ESMTP
	id 00F3537B405; Thu,  4 Oct 2001 10:47:10 -0700 (PDT)
Received: (from mike@localhost)
	by coffee.q9media.com (8.11.6/8.11.6) id f94HlBV33920;
	Thu, 4 Oct 2001 13:47:11 -0400 (EDT)
	(envelope-from mike)
Date: Thu, 4 Oct 2001 13:47:10 -0400
From: Mike Barcroft <mike@FreeBSD.ORG>
To: "Todd C. Miller" <Todd.Miller@courtesan.com>
Cc: Peter Pentchev <roam@ringlet.net>, freebsd-net@FreeBSD.ORG,
	freebsd-audit@FreeBSD.ORG
Subject: Re: [CFR] whois(1) out-of-bound access patch
Message-ID: <20011004134710.C31795@coffee.q9media.com>
References: <20011004121640.C1959@ringworld.oblivion.bg> <20011004121933.B31795@coffee.q9media.com> <200110041650.f94GoL10010161@xerxes.courtesan.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200110041650.f94GoL10010161@xerxes.courtesan.com>; from Todd.Miller@courtesan.com on Thu, Oct 04, 2001 at 10:50:20AM -0600
Organization: The FreeBSD Project
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

Todd C. Miller <Todd.Miller@courtesan.com> writes:
> In message <20011004121933.B31795@coffee.q9media.com>
> 	so spake Mike Barcroft (mike):
> 
> > Would you please test the attached patch and confirm that it solves
> > the problem?  If it does, I'll commit it today.
> 
> I doubt that is sufficient as "buf" is treated as a NUL terminated
> string in the calls to strstr().  Also note that it is not necessary
> to copy the buffer each time as in the original patch.  You can
> only get a line w/o a newline as the last line before EOF.

We could always implement strnstr().  I think I prefer it to the
malloc(3) the final line kludge.

BTW, are you interested in syncing OpenBSD's whois(1) with FreeBSD's
at some point?  I've added some really useful features, particularly
the -c option and recursive IP lookups.

Best regards,
Mike Barcroft

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message