From owner-freebsd-security Sun Nov 1 18:26:39 1998
Date: Mon, 2 Nov 1998 13:26:18 +1100
From: Peter Jeremy
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
To: freebsd-security@FreeBSD.ORG, winter@jurai.net
Message-Id: <98Nov2.132551est.40330@border.alcanet.com.au>

"Matthew N. Dodd" wrote:
> At this point there isn't any reason not to go about fixing these
> potential problems though.

ssh also contains a large number of sprintf() calls. Not all of
these are immediately innocuous. There are also 2 sscanf() calls with
%s formats which could be dangerous. Not to mention the str[n]cat()
and str[n]cpy() calls.

Unfortunately I have another bushfire to worry about right now, or
I'd check through them as well.

The problem with C is that there are too many ways to shoot yourself
in the foot... A full security audit on ssh (which it sounds like it
might need) would be fairly time-consuming.

Peter
--
Peter Jeremy (VK2PJ)                    peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St                          Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5247
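
The call families named in the message above (sprintf(), sscanf() with a bare %s, and strcat()/strcpy()), each paired with a length-checked form that fails rather than overruns or silently truncates. This is an added example, not part of the original message and not code from ssh; the helper names, buffer sizes and sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Bounded replacement for sprintf(buf, "%s@%s", ...): returns 0 on success,
 * -1 if the result did not fit (snprintf reports the length it needed). */
static int fmt_checked(char *dst, size_t dstlen, const char *user, const char *host)
{
    int n = snprintf(dst, dstlen, "%s@%s", user, host);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Bounded replacement for sscanf(line, "%s", tok): the field width (15) is
 * one less than the buffer size, and %n records how much input was consumed
 * so an over-long token is rejected instead of being silently split. */
static int parse_token(const char *line, char tok[16])
{
    int used = 0;
    if (sscanf(line, "%15s%n", tok, &used) != 1)
        return -1;
    char next = line[used];   /* must be whitespace or end of string */
    return (next == '\0' || next == ' ' || next == '\t' || next == '\n') ? 0 : -1;
}

/* Bounded replacement for strcat(): refuses to append rather than truncate. */
static int append_checked(char *dst, size_t dstlen, const char *src)
{
    const char *end = memchr(dst, '\0', dstlen);
    if (end == NULL)
        return -1;            /* dst is not terminated inside its buffer */
    size_t have = (size_t)(end - dst);
    size_t need = strlen(src);
    if (need >= dstlen - have)
        return -1;            /* no room for src plus the terminator */
    memcpy(dst + have, src, need + 1);
    return 0;
}

int main(void)
{
    char buf[16], tok[16];
    /* Constructed inputs: ones that fit and ones that exceed 16 bytes. */
    printf("fmt short: %d\n", fmt_checked(buf, sizeof buf, "root", "hub"));
    printf("cat short: %d\n", append_checked(buf, sizeof buf, ":22"));
    printf("cat long:  %d\n", append_checked(buf, sizeof buf, "0123456789"));
    printf("tok long:  %d\n", parse_token("AAAAAAAAAAAAAAAAAAAAAAAA rest", tok));
    printf("fmt long:  %d\n", fmt_checked(buf, sizeof buf, "averyveryverylongname", "hub"));
    return 0;
}
```

An audit of the kind the message describes would still have to check each call site's buffer size and what the caller does on failure.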