CVS: cvs.openbsd.org: src
- To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: CVS: cvs.openbsd.org: src
- From: Theo de Raadt <deraadt_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
- Date: Tue, 12 Apr 2005 21:46:28 -0600 (MDT)
CVSROOT: /cvs
Module name: src
Changes by: deraadt_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org 2005/04/12 21:46:28
Modified files:
usr.sbin/user : user.c
Log message:
very unlikely overflow. but sticking to the idiom is important: thereby,
example by example, we teach people how to actually use snprintf. because
it is clear (especially judging by code coming from netbsd hint hint perhaps
if i say it like this they will finally learn) that people are not paying
attention, and replacing one security problem with another.
in the early days we replaced the typical ANSI-C standardized function
buffer overflows (by which I mean strcpy, strcat, and sprintf) with
non-overflowing ones -- range checking variants. We knew we were fixing
a major problem. The damn overflows. But we did not have time in all cases
to handle the next problem we were not handling: string truncation. Now we
need to (I hope not slowly) start fixing the string truncations.
Anyone going to help?
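As an added illustration of the snprintf idiom the log message refers to (example code written for this page, not part of the user.c change or of OpenBSD's source; build_path and build_path_unchecked are hypothetical names, and the sample directory and user names are constructed): snprintf returns the length the full string would have had, so a return value that is negative or not less than the buffer size means the output was truncated and must not be used as if it were the intended string. The second function shows the pattern the message warns against, where the overflow is gone but a silently truncated path is treated as valid.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from user.c): join dir and name into dst.
 * Returns 0 on success, -1 if the result would not fit.  snprintf returns
 * the length the complete string WOULD have had, so n >= dstsz means the
 * output in dst is truncated.  A negative n is an encoding error.
 */
int
build_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
	int n;

	n = snprintf(dst, dstsz, "%s/%s", dir, name);
	if (n < 0 || (size_t)n >= dstsz) {
		/* truncated: refuse to hand back a path that is not the one asked for */
		if (dstsz > 0)
			dst[0] = '\0';
		return -1;
	}
	return 0;
}

/*
 * The pattern the log message warns against: no overflow, but the return
 * value is ignored, so a truncated (different!) path is reported as success.
 */
int
build_path_unchecked(char *dst, size_t dstsz, const char *dir, const char *name)
{
	(void)snprintf(dst, dstsz, "%s/%s", dir, name);
	return 0;	/* always "succeeds", even when dst holds a different path */
}

int
main(void)
{
	char small[16];	/* deliberately small so the second call truncates */

	if (build_path(small, sizeof small, "/home", "alice") == 0)
		printf("ok: %s\n", small);
	if (build_path(small, sizeof small, "/home", "averylongusername") == -1)
		printf("truncation detected, path rejected\n");
	build_path_unchecked(small, sizeof small, "/home", "averylongusername");
	printf("unchecked result: \"%s\" (silently wrong)\n", small);
	return 0;
}
```

The only difference between the two functions is the comparison against the return value; that comparison is the whole idiom, and it is what turns a silent truncation into a reportable error.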