[1579] in linux-security and linux-alert archive
[linux-security] Re: so-called snprintf() in db-1.85.4
daemon@ATHENA.MIT.EDU (Hal DeVore)
Wed Jul 9 10:27:12 1997
To: Thomas Roessler <roessler@guug.de>, linux-security@redhat.com
In-Reply-To: Your message of "Tue, 08 Jul 1997 21:33:55 +0200."
<19970708213355.43189@sobolev.rhein.de>
From: Hal DeVore <hdevore@bmc.com>
Reply-To: Hal DeVore <hdevore@bmc.com>
Date: Wed, 09 Jul 1997 07:41:17 -0500
Resent-From: linux-security@redhat.com
-----BEGIN PGP SIGNED MESSAGE-----
roessler@guug.de wrote:
> There is a severe problem with the db-1.85.4 library's Linux port
I just ran nm on my libdb.a and found:
snprintf.o:
00000000 t gcc2_compiled.
00000000 T snprintf
00000014 T vsnprintf
U vsprintf
Without looking at the code I'd bet that the vsnprintf function supplied
in this library similarly turns into a vsprintf.
Hal
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBM8OG50Zrb8SDJ8hxAQE77wP/a10vOmulKy3hOcG9bqwBA64m7OEejqv7
7CiRGcRepHyowVMHvp2P7pITCYohGxpEweljnA4iqHy8WG68No8pK2YOjp7RDLda
WcS+CvImoLX7gBZK3LBQpmWqtrHfwO/I3QaqfietW93mG0PPrysRGhUNi94+MKB5
4SUgslHA42U=
=AkPG
-----END PGP SIGNATURE-----