From: John C. <joh...@sa...> - 2005-05-04 13:44:06
At 07:40 AM Tuesday 5/3/2005, Jindrich Novy wrote:
>While fixing CAN-2004-1287 I found that there's yet another vsprintf
>that may cause buffer overflow. I haven't properly investigated whether
>it could be somehow exploited, but maybe snprintf should be used here
>instead to avoid possible vulnerabilities. I'm sending a one-liner to
>fix this.

Yes.

--John

PGP KeyID: 6781C9C8 (good until 31-Dec-2008)
Keyserver at ldap://keyserver.pgp.com
LILO links at http://freshmeat.net/projects/lilo
and Help link at http://lilo.go.dyndns.org
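
The kind of change discussed in the message above, as an added example that is not the patch from this thread or code from the project: a variadic message formatter that uses `vsnprintf` (the bounded counterpart of `vsprintf` when the arguments arrive as a `va_list`) and reports truncation. The names `format_msg` and `MSG_MAX` and the sample strings are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 32  /* constructed size, small so truncation is easy to see */

/* Hypothetical helper: format into a fixed buffer with vsnprintf.
 * Returns 0 when the whole message fit, 1 when it was truncated,
 * -1 on a bad buffer or a formatting error. On 0 or 1, out is
 * NUL-terminated. */
static int format_msg(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (out == NULL || outsz == 0)
        return -1;

    va_start(ap, fmt);
    /* vsprintf(out, fmt, ap) would write as many bytes as the expanded
     * arguments need, regardless of outsz. vsnprintf writes at most
     * outsz - 1 bytes plus the terminating NUL. */
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);

    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    /* C99: n is the length the complete output would have had. */
    return (size_t)n >= outsz ? 1 : 0;
}

int main(void)
{
    char buf[MSG_MAX];
    /* Constructed inputs: one short name, one longer than the buffer. */
    const char *names[] = { "foo.txt",
                            "a_very_long_input_file_name_for_testing.txt" };
    size_t i;

    for (i = 0; i < 2; i++) {
        int rc = format_msg(buf, sizeof buf, "cannot open `%s'", names[i]);
        printf("rc=%d len=%zu msg=%s\n", rc, strlen(buf), buf);
    }
    return 0;
}
```

Checking the return value matters because a silently truncated message can hide the part of the input that caused the error.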