Bugtraq mailing list archives

Re: syslog vulnerability


From: era () ucar edu (Ed Arnold)
Date: Thu, 31 Aug 1995 15:57:44 -0600


Would someone please answer a really stupid question??

The solutions offered to the syslog problem are fairly long.
Why isn't it sufficient just to ensure that the buffer passed
in by a hacker always gets sanitized to guarantee that it can't
overrun any buffers it gets strcpy()-ed to?  E.g.

#define BUFSIZ 4096
syslog(pri,msg,parms)
int pri; char *msg; int parms;
{
   char localmsg[BUFSIZ];

   strncpy(localmsg,msg,BUFSIZ);
   localmsg[BUFSIZ-1] = '\0';
   msg = localmsg;
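
Added example, not part of the original post: it compares the length of a format string bounded as in the snippet above with the length of the message once its arguments are expanded, and bounds the output with vsnprintf() instead. It assumes a syslog-style function that later formats msg with its parameters into a fixed buffer; LOGBUF, sanitize_fmt, expanded_len, bounded_log and the sample strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF 64   /* constructed size for the demo; the post uses 4096 */

/* The sanitizing step from the post, applied to the format string. */
static void sanitize_fmt(char *dst, size_t dstsz, const char *msg)
{
    strncpy(dst, msg, dstsz);
    dst[dstsz - 1] = '\0';
}

/* Bytes the fully expanded message needs, excluding the NUL.
   vsnprintf(NULL, 0, ...) measures without writing (C99). */
static int expanded_len(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n;
}

/* Hypothetical hardened formatter: bounds the output, not only the
   format. Returns 1 if truncated, 0 if it fit, -1 on error. */
static int bounded_log(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    return (size_t)n >= outsz;
}

int main(void)
{
    char fmt[LOGBUF], out[LOGBUF], arg[200];
    memset(arg, 'A', sizeof arg - 1);   /* constructed oversized argument */
    arg[sizeof arg - 1] = '\0';
    sanitize_fmt(fmt, sizeof fmt, "login failed for %s");
    printf("format %zu bytes, expanded %d bytes, buffer %d bytes\n",
           strlen(fmt), expanded_len(fmt, arg), LOGBUF);
    printf("truncated=%d stored=%zu bytes\n",
           bounded_log(out, sizeof out, fmt, arg), strlen(out));
    return 0;
}
```

The sanitized format is 19 bytes, well inside the buffer, while the expanded message needs 216; only the bound on the formatted output keeps the write inside LOGBUF.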


