From owner-freebsd-security  Fri Oct 25 16:47:47 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA05610
          for security-outgoing; Fri, 25 Oct 1996 16:47:47 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA05596
          for <security@freebsd.org>; Fri, 25 Oct 1996 16:47:43 -0700 (PDT)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 0.56 #1)
	id E0vGvyT-0002ew-00; Fri, 25 Oct 1996 17:47:37 -0600
To: Marc Slemko <marcs@znep.com>
Subject: Re: Vadim Kolontsov: BoS: Linux & BSD's lpr exploit 
Cc: security@freebsd.org
In-reply-to: Your message of "Fri, 25 Oct 1996 17:37:20 MDT."
		<Pine.BSF.3.95.961025173358.27697C-100000@alive.ampr.ab.ca> 
References: <Pine.BSF.3.95.961025173358.27697C-100000@alive.ampr.ab.ca>  
Date: Fri, 25 Oct 1996 17:47:36 -0600
From: Warner Losh <imp@village.org>
Message-Id: <E0vGvyT-0002ew-00@rover.village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <Pine.BSF.3.95.961025173358.27697C-100000@alive.ampr.ab.ca>
Marc Slemko writes: 
: I don't think it is worthwhile to bother with dynamic memory allocation
: for this.  I think it is just as clean to simply exit, perhaps logging an
: error, if the string is too long.

Agreed.  The more I thought about it, the more I realized that it was
silly to allow long lines only here.  And more error prone, since my
patch actually introduced a new core dump :-(.

I've commited the OpenBSD fix for this problem, btw, which silently
truncates.  Don't see a whole lot of reason for exiting in this case,
but I have trouble articulating why.  I can improve upon the OpenBSD
fix, but at least that is one less lpr hole that is in FreeBSD.

Warner