httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: big patch for buffer overflow fixes
Date Wed, 01 Jan 1997 17:54:14 GMT

> Here is a patch for all the buffer overflow and potential buffer overflows
> in apache that I noticed in my run through the source.  First, a few Q&A
> that I asked myself. 

Few of these changes seem to apply to anything but the error code.

Based on that, I don't have a big problem with adding them. A few 
comments though.

* Ben added the vbprintf() code awhile back. Seems like a fair chunk
  of that code could be used to supply an snprintf() that could be
  used more effectively to keep these sorts of problems from creeping
  back in.

* IF we decide to include these changes, seems that it would be nice
  to get them in a fair bit _before_ the proposed changes that Ben
  will be making to the API just to make it a bit easier to pin down
  problem causers if there are any.

View raw message