[2169] in bugtraq
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Aug 29 21:24:10 1995
Date: Tue, 29 Aug 1995 03:08:48 -0400
Reply-To: perry@piermont.com
From: "Perry E. Metzger" <perry@piermont.com>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Tue, 29 Aug 1995 00:10:41 EDT."
<199508290410.AAA14285@marksys.misty.com>
Mark Thomas writes:
> If anyone comes up with diffs to SunOS syslog() source for those
> who have source access, or a replacement syslog.c routine to build into
> libc, please post.
I've already built patches for 4.4lite BSD derived systems, which I'll
post in a little while after I've tested them better. Unfortunately,
they require the use of snprintf, which is not standard on anything
other than 4.4BSD. I can't think of any way to get around this -- you
need to bounds check the sprintfs in syslog.c and the only way I know
to do that is snprintf.
I'll point out that this opens up a whole new wonderful set of holes
that no one thought of before.
Perry
