
Error in www/porting.html

The "Security Recommendations" section of
	<URL:http://www.openbsd.org/porting.html>
states:
	Any software to be installed as a server should be scanned
	for buffer overflows, especially unsafe use of
	strcat/strcpy/strcmp/sprintf.

The buffer overflow possibilities of strcat/strcpy/sprintf are clear
but given that strcmp(3) neither modifies its parameters nor has any
side effects, this is either a typo (patch attached) or poor wording.

Cheers,
	rlr
-- 
Ross L Richardson                              Phone: +61 (0)3 6226 6233
<URL:mailto:Ross_(_dot_)_Richardson_(_at_)_utas_(_dot_)_edu_(_dot_)_au>         Fax: +61 (0)3 6226 6211
<URL:http://www.infosys.utas.edu.au/cgi/ispeople/staff/ross_richardson/>
School of Information Systems, University of Tasmania, AUSTRALIA
--- porting.html.orig	Thu Feb 19 14:30:52 2004
+++ porting.html	Thu May 13 15:03:19 2004
@@ -124,7 +124,7 @@
 
    <li>Any software to be installed as a server should be scanned
        for buffer overflows, especially unsafe use of
-       <code>strcat/strcpy/strcmp/sprintf</code>.  In general,
+       <code>strcat/strcpy/sprintf</code>.  In general,
        <code>sprintf</code> should be replaced with <code>snprintf</code>.
 
    <li>Never use filenames instead of true security. There are numerous race
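Review bot: Dropping strcmp from the list is right as far as overflow writes go, since strcmp(3) writes to neither argument; the remaining caveat, worth a few words in the same sentence, is that strcmp still reads until it finds a NUL, so a string that is not NUL-terminated within its buffer produces an over-read rather than an overflow. Also, since the sentence already says sprintf should be replaced with snprintf, consider giving strcpy/strcat the parallel advice (strlcpy/strlcat) so the list does not read as singling out sprintf.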

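The porting page's advice to replace sprintf with snprintf removes the write overflow but not the need to check the result, since snprintf truncates silently and returns the length it wanted to write. The following is an added example, not code from the message above or from the OpenBSD page; the function names join_path and append_bounded are invented for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Added example: bounded string building with snprintf, checking
 * the return value so truncation is detected instead of ignored.
 * join_path/append_bounded are hypothetical names for this example. */

/* Join dir and file as "dir/file" into dst (capacity dstsize).
 * Returns true if the whole result fit; false if it was truncated
 * (dst is still NUL-terminated, but its contents are incomplete). */
bool join_path(char *dst, size_t dstsize, const char *dir, const char *file)
{
    int n = snprintf(dst, dstsize, "%s/%s", dir, file);
    if (n < 0)
        return false;               /* encoding error */
    return (size_t)n < dstsize;     /* n >= dstsize means truncation */
}

/* Append src to the NUL-terminated string in dst, never writing past
 * dstsize bytes, in the spirit of strlcat(3). Returns false if dst
 * is not terminated within dstsize or if src did not fully fit. */
bool append_bounded(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return false;               /* refuse to read past the buffer */
    size_t used = (size_t)(end - dst);
    int n = snprintf(dst + used, dstsize - used, "%s", src);
    return n >= 0 && (size_t)n < dstsize - used;
}

int main(void)
{
    char buf[16];                   /* constructed sample buffer */
    printf("fits: %d (%s)\n", join_path(buf, sizeof buf, "/etc", "passwd"), buf);
    printf("fits: %d (%s)\n",
           join_path(buf, sizeof buf, "/usr/local", "etc/x.conf"), buf);
    return 0;
}
```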