httpd-dev mailing list archives

From Brian Behlendorf <>
Subject more communication...
Date Sun, 12 Jan 1997 02:30:21 GMT

---------- Forwarded message ----------
Date: Sat, 11 Jan 1997 20:22:18 -0700 (MST)
From: Alfred Huger <>
To: Brian Behlendorf <>
Subject: Re: Apache and Apache derivitive Web Servers

On Sat, 11 Jan 1997, Brian Behlendorf wrote:

> On Sat, 11 Jan 1997, Alfred Huger wrote:
> > On Fri, 10 Jan 1997, Brian Behlendorf wrote:
> > 
> Great.  Is there a URL to your message we can give in ours?  What's the
> best way to give information about this problem without preempting your
> message?  We will be saying where the bug is and the possible impact
> anyways, with full credit.

Thanks a bunch. I am not sure how to make the information available to
your users. I would simply post it to your support groups. We will be
posting our advisory to Bugtraq, BOS, Firewalls as well as cc'ing it to
Auscert. An URL for the advisory once it is out will be at: .

> Distributing our own snprintf(), probably borrowed from xinetd or
> sendmail (depending on license issues), and having a HAVE_SNPRINTF()
> #define for platforms which already have a (valid) version of it, which
> appears to be surprisingly small.  We've been working on this for a few
> weeks, so this hole certainly gives that effort more import now.  We'll
> also probably do a psprintf() for our pool-based memory allocation system,
> so static lengths for buffers can be reduced too.  
> 	Brian

That sounds like a good idea. It's nice to see vendors take Security in
their products seriously.

Alfred Huger						Phone: 403.262.9211	
Secure Networks Inc.					Fax: 403.262.9221
"Sit down before facts as a little child, be prepared to give up every
preconceived notion, follow humbly wherever and whatever abysses nature
leads, or you will learn nothing" - Thomas H. Huxley 
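
The mitigation described in the quoted paragraph above (bounded snprintf() into fixed buffers, plus a psprintf() that formats into pool memory sized to the output), as an added C example that is not part of the original thread and is not Apache's code. The `pool` type, `pool_init`, `pool_alloc`, `join_fixed` and this `psprintf` signature are hypothetical, the sample strings are constructed, and a C99 `vsnprintf` is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bump-allocator pool (not Apache's): freed as a unit. */
typedef struct { char *base; size_t used, cap; } pool;

static int pool_init(pool *p, size_t cap) {
    p->base = malloc(cap);
    p->used = 0;
    p->cap = p->base ? cap : 0;
    return p->base ? 0 : -1;
}

static void *pool_alloc(pool *p, size_t n) {
    if (n > p->cap - p->used)          /* used <= cap, so no wraparound */
        return NULL;
    p->used += n;
    return p->base + p->used - n;
}

/* Format into pool memory sized to the output; NULL on error or exhaustion. */
static char *psprintf(pool *p, const char *fmt, ...) {
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap);   /* C99: count only, no write */
    va_end(ap);
    char *buf = need < 0 ? NULL : pool_alloc(p, (size_t)need + 1);
    if (buf)
        vsnprintf(buf, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    return buf;
}

/* Fixed-buffer path: 0 if the output fit, -1 if truncated or on error. */
static int join_fixed(char *dst, size_t cap, const char *a, const char *b) {
    int n = snprintf(dst, cap, "%s%s", a, b);
    return (n >= 0 && (size_t)n < cap) ? 0 : -1;
}

int main(void) {
    pool p;
    char small[8];
    if (pool_init(&p, 64) != 0) return 1;
    char *s = psprintf(&p, "%s%s", "/cgi-bin/", "constructed-sample-name");
    printf("pool: %s (%zu bytes used)\n", s ? s : "(null)", p.used);
    printf("fixed: rc=%d\n", join_fixed(small, sizeof small, "/cgi-bin/", "x"));
    free(p.base);
    return 0;
}
```

The fixed-buffer call reports truncation through its return value instead of writing past the buffer, and the pool path removes the need to guess a static length at all.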
