Bugtraq mailing list archives

Re: Format strings: bug #1: BSD-lpr

From: Kris Kennaway <kris () FREEBSD ORG>
Date: Tue, 26 Sep 2000 00:02:48 -0700

On Tue, 26 Sep 2000, Chris Evans wrote:

OpenBSD ship BSD-lpr. Not only have they already fixed this in their CVS,
but they also offer web indexed CVS. They caught it independently as part
of their "format strings" audit.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/lpd/printjob.c?r1=1.19&r2=1.20


It seems FreeBSD fixed this one back in 1997:

http://www.FreeBSD.org/cgi/cvsweb.cgi/src/usr.sbin/lpr/lpd/printjob.c.diff?r1=1.17&r2=1.18

(I was worried for a second there when I didnt remember catching this one
in our recent audit sweep ;-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

Current thread:

Format strings: bug #1: BSD-lpr Chris Evans (Sep 25)
- Re: Format strings: bug #1: BSD-lpr Kris Kennaway (Sep 27)
- Re: Format strings: bug #1: BSD-lpr Sean Winn (Sep 27)
  - Re: Format strings: bug #1: BSD-lpr Sean Winn (Sep 27)
- Re: Format strings: bug #1: BSD-lpr Jouko Pynn?nen (Sep 27)
  - Re: Format strings: bug #1: BSD-lpr Valdis Kletnieks (Sep 27)