httpd-dev mailing list archives

From Chuck Murcko <ch...@n2k.com>
Subject Re: big patch for buffer overflow fixes
Date Wed, 01 Jan 1997 18:32:33 GMT
Randy Terbush liltingly intones:
> 
> 
> > Here is a patch for all the buffer overflow and potential buffer overflows
> > in apache that I noticed in my run through the source.  First, a few Q&A
> > that I asked myself. 
> 
> Few of these changes seem to apply to anything but the error code.
> 
> Based on that, I don't have a big problem with adding them. A few 
> comments though.
> 
> * Ben added the vbprintf() code awhile back. Seems like a fair chunk
>   of that code could be used to supply an snprintf() that could be
>   used more effectively to keep these sorts of problems from creeping
>   back in.
> 
> * IF we decide to include these changes, seems that it would be nice
>   to get them in a fair bit _before_ the proposed changes that Ben
>   will be making to the API just to make it a bit easier to pin down
>   problem causers if there are any.
> 
Xinetd also has strx_nprint() and strx_nprintv() functions to do this. I
sent mail to Mark about these, if they'd be of help.

It's a tough job, and I'm glad Mark's doing it.

chuck
Chuck Murcko	N2K Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
This is the LAST time I take travel suggestions from Ray Bradbury!
