[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: OpenSSH: What went wrong?
In some mail from Joseph W. Shaw II, sie said:
> I'm the last person to defend Theo, but I have to ask. Has your code been
> audited for integer overflows yet? Of course, you had the whole format
> string bug issue taken care of well before they became popular, right?
Since you've asked, I'll answer. I didn't worry about the format string
problem when it became popular because I don't believe any of my code was
written in such a way that it was a problem. As for integer overflows,
no, I haven't auditted for them (I wouldn't expect to find any, either).
I have other, problems, to worry about instead that are generally less
easy to fix than these.