[2185] in bugtraq
Re: syslog vulnerability
daemon@ATHENA.MIT.EDU (Ed Arnold)
Thu Aug 31 22:37:02 1995
Date: Thu, 31 Aug 1995 15:57:44 -0600
Reply-To: Ed Arnold <era@ucar.edu>
From: Ed Arnold <era@ucar.edu>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
Would someone please answer a really stupid question??
The solutions offered to the syslog problem are fairly long.
Why isn't it sufficient just to ensure that the buffer passed
in by a hacker always gets sanitized to guarantee that it can't
overrun any buffers it gets strcpy()-ed to? E.g.
#define BUFSIZ 4096
syslog(pri,msg,parms)
int pri; char *msg; int parms;
{
    char localmsg[BUFSIZ];
    strncpy(localmsg,msg,BUFSIZ);
    localmsg[BUFSIZ-1] = '\0';
    msg = localmsg;
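
An added example, not part of the original post and not the syslog source: it assumes the downstream code expands the format together with its arguments into a fixed buffer, and shows that bounding the format string to 4096 bytes does not bound the expansion, while a length-checked vsnprintf() does. OUT_MAX, the function names and the sample input are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_MAX 4096   /* size of localmsg in the post */
#define OUT_MAX 1024   /* hypothetical size of the downstream buffer */

/* The post's step: copy the caller's format into a bounded local buffer. */
static void bound_format(char *dst, const char *fmt)
{
    strncpy(dst, fmt, FMT_MAX);
    dst[FMT_MAX - 1] = '\0';
}

/* Bytes an unbounded vsprintf() would write for fmt and its arguments. */
static int expanded_len(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);   /* C99: measure only, write nothing */
    va_end(ap);
    return n;
}

/* Bounded expansion: writes at most outsz bytes; returns 1 if truncated. */
static int format_bounded(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= outsz;
}

/* Constructed input: a short format with one long string argument. */
static int demo(void)
{
    static char fmt[FMT_MAX], arg[3000], out[OUT_MAX];
    memset(arg, 'A', sizeof arg - 1);          /* 2999 bytes + NUL */
    bound_format(fmt, "login failed for %s");
    printf("format: %zu bytes, expansion: %d bytes\n",
           strlen(fmt), expanded_len(fmt, arg));
    return format_bounded(out, sizeof out, fmt, arg);
}

int main(void) { return demo() ? 0 : 1; }
```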