Bugtraq mailing list archives
Re: syslog vulnerability
From: era () ucar edu (Ed Arnold)
Date: Thu, 31 Aug 1995 15:57:44 -0600
Would someone please answer a really stupid question?? The solutions offered to the syslog problem are fairly long. Why isn't it sufficient just to insure that the buffer passed in by a hacker always gets sanitized to guarantee that it can't overrun any buffers it gets strcpy()-ed to? E.g. #define BUFSIZ 4096 syslog(pri,msg,parms) int pri; char *msg; int parms; { char localmsg[BUFSIZ]; strncpy(localmsg,msg,BUFSIZ); localmsg[BUFSIZ-1] = '\0'; msg = localmsg;
Current thread:
- Re: syslog vulnerability Ed Arnold (Aug 31)