Date:      Tue, 21 Sep 1999 20:17:03 +0100
From:      Ben Smithurst <ben@scientia.demon.co.uk>
To:        FreeBSD Security Officer <security-officer@freebsd.org>
Cc:        security@freebsd.org
Subject:   Re: FreeBSD Security Advisory: FreeBSD-SA-99:06.amd
Message-ID:  <19990921201703.C17788@lithium.scientia.demon.co.uk>
In-Reply-To: <199909210214.UAA22243@harmony.village.org>
References:  <199909210214.UAA22243@harmony.village.org>

FreeBSD Security Officer wrote:

>     +  /*
>     +   * XXX: ptr is 1024 bytes long.  It is possible to write into it
>     +   * more than 1024 bytes, if efmt is already large, and vargs expand
>     +   * as well.
>     +   */
>        vsprintf(ptr, efmt, vargs);
>     +  msg[1023] = '\0';		/* null terminate, to be sure */
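
Review bot: The terminator on the last added line runs only after `vsprintf(ptr, efmt, vargs)` has finished writing, so an expansion longer than the buffer has already gone past its end before `msg[1023] = '\0'` executes; the XXX comment records the overflow rather than preventing it. The comment gives a size for `ptr` while the terminator indexes `msg`, and the hunk does not show how the two relate, so the limit should be stated against the pointer that is actually written to. Suggest a length-bounded formatting call whose limit is the space remaining at `ptr`, which also makes the manual terminator unnecessary.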

This may be a stupid question, but why not just replace the last two lines
with

	vsnprintf(ptr, 1024, efmt, vargs);

?

-- 
Ben Smithurst            | PGP: 0x99392F7D
ben@scientia.demon.co.uk |   key available from keyservers and
                         |   ben+pgp@scientia.demon.co.uk
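
The bounded call suggested in the message above, worked through as an added example (not code from the advisory, the patch, or amd). The helper `format_bounded`, the `"amd: "` prefix, and the assumption that `ptr` points partway into `msg` are hypothetical; the point shown is that the limit must be the space left at the write pointer, and that the return value reports truncation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 1024   /* size named in the quoted comment */

static char demo_msg[MSG_SIZE];

/* Hypothetical helper: prefix, then formatted text, all within msg_size.
 * Returns 0 if it fit, 1 if truncated, -1 on error. */
static int format_bounded(char *msg, size_t msg_size, const char *prefix,
                          const char *efmt, ...)
{
    va_list vargs;
    size_t used;
    int n;

    if (msg == NULL || msg_size == 0)
        return -1;
    n = snprintf(msg, msg_size, "%s", prefix);
    if (n < 0)
        return -1;
    if ((size_t)n >= msg_size)
        return 1;               /* prefix alone filled the buffer */
    used = (size_t)n;

    va_start(vargs, efmt);
    /* Bound is the space left after the prefix, not the whole buffer. */
    n = vsnprintf(msg + used, msg_size - used, efmt, vargs);
    va_end(vargs);
    if (n < 0)
        return -1;
    return (size_t)n >= msg_size - used;
}

/* Constructed input: a 2000-byte argument aimed at the 1024-byte buffer. */
static int demo_oversized(void)
{
    static char big[2001];
    memset(big, 'A', sizeof(big) - 1);
    return format_bounded(demo_msg, sizeof(demo_msg), "amd: ",
                          "mount failed: %s", big);
}

int main(void)
{
    int rc = demo_oversized();
    printf("truncated=%d len=%zu\n", rc, strlen(demo_msg));
    return 0;
}
```
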

