httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: 1.3b7
Date Tue, 12 May 1998 08:52:39 GMT
Brian Behlendorf wrote:
> > WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
> >
> >     * SECURITY: check if the magic con/aux/nul/etc names do anything
> >         really bad
> 
> Discussion on this died down; when we last left it, I wondered aloud
> whether the device-checking patch which was applied last week solved this
> problem.

Ah, yes - I was halfway through testing that, when I suddenly had to
spend my time making the blasted thing work instead. By the time I had
finished I'd forgotten why I was doing it.

>  This problem continues to exist in theory only - so far no one's
> demonstrated a  concrete example of where the current code has problems.  I
> would like to demote this to an open issue, to be reinstated when someone
> demonstrates a problem.  Anyone opposed?
> 
> >    * SECURITY: numerous uses of strcpy and strcat have potential
> >        for buffer overflow, someone should rewrite or verify
> >        they're safe
> 
> Ben did some protection around the strcpy and strcat uses in util_win32.c.
> There are some other unprotected places in that code,

Where?

> and in readdir.c, but
> those uses appear to be covered by proper memory allocation.  I move that
> this be demoted to an open issue.  Again, let me know if you're opposed.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache

Mime
View raw message