Date: Tue, 21 Sep 1999 20:17:03 +0100 From: Ben Smithurst <ben@scientia.demon.co.uk> To: FreeBSD Security Officer <security-officer@freebsd.org> Cc: security@freebsd.org Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-99:06.amd Message-ID: <19990921201703.C17788@lithium.scientia.demon.co.uk> In-Reply-To: <199909210214.UAA22243@harmony.village.org> References: <199909210214.UAA22243@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
FreeBSD Security Officer wrote: > + /* > + * XXX: ptr is 1024 bytes long. It is possible to write into it > + * more than 1024 bytes, if efmt is already large, and vargs expand > + * as well. > + */ > vsprintf(ptr, efmt, vargs); > + msg[1023] = '\0'; /* null terminate, to be sure */ This may be a stupid question, but why not just replace the last two lines with vsnprintf(ptr, 1024, efmt, vargs); ? -- Ben Smithurst | PGP: 0x99392F7D ben@scientia.demon.co.uk | key available from keyservers and | ben+pgp@scientia.demon.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990921201703.C17788>