Date: Fri, 5 Oct 2001 09:45:39 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: Mike Barcroft <mike@FreeBSD.ORG>, freebsd-net@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG
Subject: Re: [CFR] whois(1) out-of-bound access patch
Message-ID: <20011005094539.B650@ringworld.oblivion.bg>
In-Reply-To: <200110041702.f94H2uQ08169@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Thu, Oct 04, 2001 at 01:02:56PM -0400
References: <20011004121640.C1959@ringworld.oblivion.bg> <20011004121933.B31795@coffee.q9media.com> <200110041702.f94H2uQ08169@khavrinen.lcs.mit.edu>

On Thu, Oct 04, 2001 at 01:02:56PM -0400, Garrett Wollman wrote:
> <<On Thu, 4 Oct 2001 12:19:33 -0400, Mike Barcroft <mike@FreeBSD.ORG> said:
>
> > - printf("%s\n", buf);
> > + printf("%.*s\n", (int)len, buf);
>
> This is a *much* better patch.

..yet it needs more work: strstr() and strcspn() are used on
a non-null-terminated string.  And even if those are fixed, additional
work is done for each input line, instead of only for the lines that
actually need it (at most one per session).

G'luck,
Peter

--
This sentence contains exactly threee erors.
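
Review bot: the (int)len cast in the added printf() line narrows the length, so a len above INT_MAX turns into a negative precision, and printf() treats a negative precision as if none were given, which restores the unbounded read of buf. Check or clamp len before the cast (for example, print at most INT_MAX bytes), and note next to the call that "%.*s" still stops at the first NUL byte inside buf.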
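
An added example, not code from whois(1) or from this thread: length-bounded stand-ins for the strstr() and strcspn() calls mentioned above, for a buffer that has a length but no terminating NUL. The function names, the "Referral: " marker and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: a line followed by stale bytes, as in a reused buffer. */
static const char sample[] = "Referral: host.example\nold Referral: wrong.example";
#define SAMPLE_LEN 23	/* only "Referral: host.example\n" is the current line */

/* Bounded strstr(): search buf[0..len) only; needle is a C string. */
static const char *buf_find(const char *buf, size_t len, const char *needle)
{
	size_t i, nlen = strlen(needle);
	for (i = 0; nlen <= len && i <= len - nlen; i++)
		if (memcmp(buf + i, needle, nlen) == 0)
			return (buf + i);
	return (NULL);
}

/* Bounded strcspn(): count leading bytes of buf[0..len) not in reject. */
static size_t buf_cspn(const char *buf, size_t len, const char *reject)
{
	size_t i, rlen = strlen(reject);
	for (i = 0; i < len && memchr(reject, buf[i], rlen) == NULL; i++)
		continue;
	return (i);
}

/* Copy the token after marker into out, NUL-terminated. Returns its length,
 * or 0 (out untouched) if marker is absent or out is too small. */
static size_t token_after(const char *buf, size_t len, const char *marker,
    char *out, size_t outsz)
{
	const char *p = buf_find(buf, len, marker);
	size_t n;
	if (p == NULL)
		return (0);
	p += strlen(marker);
	n = buf_cspn(p, len - (size_t)(p - buf), " \t\r\n");
	if (n == 0 || n >= outsz)
		return (0);
	memcpy(out, p, n);
	out[n] = '\0';
	return (n);
}

int main(void)
{
	char out[32];
	/* Exit status 0 when the 12-byte token "host.example" is extracted. */
	return (token_after(sample, SAMPLE_LEN, "Referral: ", out, sizeof(out)) != 12);
}
```

The unbounded strstr() would match "wrong" in the stale bytes after the line, while buf_find() limited to SAMPLE_LEN does not.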