Date: Fri, 25 Oct 1996 17:47:36 -0600 From: Warner Losh <imp@village.org> To: Marc Slemko <marcs@znep.com> Cc: security@freebsd.org Subject: Re: Vadim Kolontsov: BoS: Linux & BSD's lpr exploit Message-ID: <E0vGvyT-0002ew-00@rover.village.org> In-Reply-To: Your message of "Fri, 25 Oct 1996 17:37:20 MDT." <Pine.BSF.3.95.961025173358.27697C-100000@alive.ampr.ab.ca> References: <Pine.BSF.3.95.961025173358.27697C-100000@alive.ampr.ab.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.3.95.961025173358.27697C-100000@alive.ampr.ab.ca> Marc Slemko writes: : I don't think it is worthwhile to bother with dynamic memory allocation : for this. I think it is just as clean to simply exit, perhaps logging an : error, if the string is too long. Agreed. The more I thought about it, the more I realized that it was silly to allow long lines only here. And more error prone, since my patch actually introduced a new core dump :-(. I've commited the OpenBSD fix for this problem, btw, which silently truncates. Don't see a whole lot of reason for exiting in this case, but I have trouble articulating why. I can improve upon the OpenBSD fix, but at least that is one less lpr hole that is in FreeBSD. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0vGvyT-0002ew-00>