Date: Sun, 12 Nov 2000 02:37:24 -0500
From: Will Andrews
To: Kris Kennaway
Cc: audit@FreeBSD.ORG
Subject: Re: make(1) string paranoia part 1 (fwd)
Message-ID: <20001112023724.D555@puck.firepipe.net>
In-Reply-To: <20001008233144.A39915@citusc17.usc.edu>

On Sun, Oct 08, 2000 at 11:31:44PM -0700, Kris Kennaway wrote:
> Here. The NetBSD make(1) simply converts most of the sprintf() to
> snprintf(). Sure, make(1) isn't really much of something that can be
> exploited, but nothing wrong with a little string paranoia, IMO. It
> also free()'s the strings properly.

So... nobody has comments on this patch? I have tested it.. shall I
commit?

--
wca