httpd-dev mailing list archives

From Jim Jagielski <...@jaguNET.com>
Subject Re: snprintf()
Date Tue, 07 Jan 1997 16:17:32 GMT
Rodent of Unusual Size wrote:
> 
> From the fingers of Rob Hartill flowed the following:
> >
> >I'd prefer we release 1.2 sooner rather than later and as something that
> >resembles 1.2b1.
> 
>     Is the snprintf() issue a bug fix, or a new feature?  If a bug fix
>     touches enough code, does it *become* a feature?
> 
>     Personally, I agree with Rob on closing 1.2 with no more features
>     than have been added to date (fewer would be nice ;-).  I've always
>     felt a bit uncomfortable with stuff to any software added during a
>     beta cycle.  On the other hand, since it's unclear to me when the
>     next release beyond 1.2 will hit the wire, I'd like to see the
>     buffer overrun potential removed from 1.2 before final release.  I
>     think that's too big a vulnerability in a high-quality server as
>     widely deployed as Apache.  If we don't close it now, there probably
>     *will* be a 1.2.1..
> 

Seems to me that the buffer overrun is a potential problem... Not sure
if it's serious enough to warrant 1.2, BUT I personally believe that
1.2 will have a very long shelf life, esp considering how long we've
taken to release 1.2. In that light, it might be better to add the
snprintf() fix in now.

I don't think it falls under a new-feature category, but rather "doing the
code the right way".

-- 
====================================================================
      Jim Jagielski            |       jaguNET Access Services
     jim@jaguNET.com           |       http://www.jaguNET.com/
                  "Not the Craw... the CRAW!"
