Re: Re: sending security patches
Tim Mann <tim <at> tim-mann.org>
2005-09-05 21:23:35 GMT
On Mon, 5 Sep 2005 03:33:21 -0400, Chris Frey <cdfrey <at> netdirect.ca> wrote:
> On Sun, Sep 04, 2005 at 11:57:43PM -0700, Tim Mann wrote:
> > I think we'd be happy to get such patches. However, the project hasn't
> > been very active for a few years, so I can't promise someone will get
> > around to merging them soon.
> > Hopefully they will be trivial and short enough that we can use them
> > without having to get you to sign FSF paperwork. That's actually not a
> > huge deal, though.
> > One technical point: there are currently a lot of potential buffer
> > overflows in the code because of sprintf'ing into a buffer with
> > unchecked length (or the like). However, just converting them all to
> > snprintf (etc.) will still leave the program buggy -- silently
> > truncating long inputs is better than corrupting memory, but what we
> > really should do in many cases is either (a) accept arbitrarily long
> > inputs or (b) generate an error message if the input is too long.
> I'm not sure I have the time to do option (a), and especially not in
> plain C.
> You know the code much better than I do, so what error handling for
> option (b) would you suggest? A callback?
> For example, in the backend.c:looking_at() function, it copies wildcard
> matches into the star_match array without checking the length. A username
> from the server greater than 512 bytes would overflow this buffer, and