From owner-freebsd-security  Fri Oct 25 16:41:06 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA04830
          for security-outgoing; Fri, 25 Oct 1996 16:41:06 -0700 (PDT)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA04817
          for <security@FreeBSD.ORG>; Fri, 25 Oct 1996 16:41:03 -0700 (PDT)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.7.5/8.7.3) with UUCP id RAA00219; Fri, 25 Oct 1996 17:40:30 -0600 (MDT)
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id RAA27998; Fri, 25 Oct 1996 17:37:21 -0600 (MDT)
Date: Fri, 25 Oct 1996 17:37:20 -0600 (MDT)
From: Marc Slemko <marcs@znep.com>
X-Sender: marcs@alive.ampr.ab.ca
To: Warner Losh <imp@village.org>
cc: security@FreeBSD.ORG
Subject: Re: Vadim Kolontsov: BoS:      Linux & BSD's lpr exploit
In-Reply-To: <E0vGqC6-00023u-00@rover.village.org>
Message-ID: <Pine.BSF.3.95.961025173358.27697C-100000@alive.ampr.ab.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 25 Oct 1996, Warner Losh wrote:

> Here's a new LPR threat.  I've come up with a patch that I'd like
> others on this list to vet.  It is different than the one suggested by
> the author.  I think it is better, but haven't thought through all the
> implications of it yet.
> 
> Comments?

I don't think it is worthwhile to bother with dynamic memory allocation
for this.  I think it is just as clean to simply exit, perhaps logging an
error, if the string is too long.