Bugtraq mailing list archives
Re: Patch for 8lgm syslog/sendmail vulnerability, 4.4lite machines
From: gdonl () gv ssi1 com (Don Lewis)
Date: Tue, 29 Aug 1995 22:09:45 -0700
On Aug 29, 1:55pm, Charles Hannum wrote:
} Subject: Re: Patch for 8lgm syslog/sendmail vulnerability, 4.4lite machine
} Your original patch has a couple of problems; mainly, `p' can still
} overrun the end of the buffer, and thus more bytes are output than
} should be. In addition, the old special-case handling of `%m' is
} annoying; it really should be done in vsnprintf().

You both missed the potential buffer overflow in the LOG_CONS case when "\r\n" is appended to the buffer.

Also, if you're using Chris Torek's stdio package, rather than calling snprintf() and vsnprintf() and manually keeping track of the end of the buffer, why don't you call fprintf() and vfprintf() directly the same way as snprintf() and friends do? This cleans up the code in syslog() quite a bit. And since the only version of snprintf() that I've seen that doesn't ignore its size argument assumes a Torek style stdio package ...

--- Truck
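[Added example, not part of the original post and not the 4.4BSD syslog() source: one way to do the manual end-of-buffer bookkeeping so that the "\r\n" appended for console output cannot overrun the buffer. The helper name console_line is hypothetical, and a C99 vsnprintf() that honors its size argument is assumed.]

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format a message into buf and end it with "\r\n",
 * never writing past buf[size - 1]. Returns bytes stored (excluding NUL). */
static size_t console_line(char *buf, size_t size, const char *fmt, ...)
{
    static const char eol[] = "\r\n";
    const size_t reserve = sizeof(eol) - 1;  /* space held back for "\r\n" */
    va_list ap;
    size_t used;
    int n;

    if (size < reserve + 1) {                /* cannot hold even "\r\n\0" */
        if (size > 0)
            buf[0] = '\0';
        return 0;
    }

    /* vsnprintf only sees the space that remains after the reservation. */
    va_start(ap, fmt);
    n = vsnprintf(buf, size - reserve, fmt, ap);
    va_end(ap);

    /* C99 vsnprintf returns the length it wanted to write, which can be
     * larger than the space given; clamp it before using it as an offset. */
    if (n < 0)
        used = 0;
    else if ((size_t)n >= size - reserve)
        used = size - reserve - 1;
    else
        used = (size_t)n;

    memcpy(buf + used, eol, reserve + 1);    /* copies "\r\n" and the NUL */
    return used + reserve;
}

int main(void)
{
    char line[16];                           /* constructed sample input */
    size_t len = console_line(line, sizeof line, "%s: %s", "sendmail",
                              "a message far longer than the buffer");
    printf("%zu bytes stored: %s", len, line);
    return 0;
}
```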