From owner-freebsd-security  Thu Aug 31 13:50:02 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id NAA22123
          for security-outgoing; Thu, 31 Aug 1995 13:50:02 -0700
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id NAA22097
          for <freebsd-security@freebsd.org>; Thu, 31 Aug 1995 13:49:56 -0700
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id GAA08688; Fri, 1 Sep 1995 06:47:28 +1000
Date: Fri, 1 Sep 1995 06:47:28 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199508312047.GAA08688@godzilla.zeta.org.au>
To: freebsd-security@freebsd.org, peter@haywire.dialix.com
Subject: Re: Eric Allman's syslog.c fixes
Sender: security-owner@freebsd.org
Precedence: bulk

>Eric Allman is running a new syslog.c through the mill at the
>moment. It'll be the one published in the RSN CERT advisory I presume.

>It's thought to be bomproof on 4.4BSD systems (it uses vsnprintf), and
>the only holdup is portability to other OS's.

The one posted here didn't check the format conversion.  pst's version
was more complete.

Someone suggested using %.*s instead of snprintf.  That works well for
the format conversion.

Bruce