severity 307720 minor
Thank you Mr Bug Control Robot.

Thank you for the report.

The latter three bugs were fixed by revision 1.132 [1] of CVS HEAD's rlm_sql.c [2] and I'll review and pull it in, and see if I can get an upload done despite the freeze. I think this means I also have to pull in the change in revision 1.134 [3] but I need to check the flow there first.

The first bug you mentioned is indeed a bug. I will fix it in both HEAD and here by simply adding a test for outlen <= 3 around the snprintf..continue block, with 'break' as the else.

(I'll leave this as minor since I've not looked to see how exploitable they are.)

Sadly, I'm in the process of moving, and my Debian development machine will soon be unpowered. I'll try and get it done this weekend, and then usb-key it somewhere for sponsoring.

[1] http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_sql/rlm_sql.c.diff?r1=1.131&r2=1.132
[2] http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_sql/rlm_sql.c
[3] http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_sql/rlm_sql.c.diff?r1=1.133&r2=1.134

-- 
Paul "TBBle" Hampson, [EMAIL PROTECTED]
7th year CompSci/Asian Studies student, ANU
Shorter .sig for a more eco-friendly paperless office.
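
The kind of guard the message describes, as an added illustration that is not part of the original email and is not FreeRADIUS code: an escaping loop that emits a 3-byte escape with snprintf and breaks when the escape plus terminator would not fit. The function name, the allow-list and the "=XX" escape format are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list, not taken from rlm_sql.c. */
static const char allowed[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@.-_ ";

/*
 * Copy `in` to `out`, replacing disallowed bytes with "=XX".
 * Writes at most `outlen` bytes including the terminating NUL and
 * returns the number of bytes written, not counting the NUL.
 */
static int escape_bounded(char *out, int outlen, const char *in)
{
    int len = 0;

    if (outlen < 1)
        return 0;                 /* no room even for the NUL */

    while (*in) {
        if (outlen <= 1)          /* only the NUL still fits */
            break;

        if ((unsigned char)*in < 32 || strchr(allowed, *in) == NULL) {
            /*
             * The escape needs 3 bytes plus the NUL. Without this
             * test snprintf truncates its output, but `out` still
             * advances by 3 and `outlen` can drop to 0 or below, so
             * the final NUL is stored past the end of the buffer.
             */
            if (outlen <= 3)
                break;
            snprintf(out, (size_t)outlen, "=%02X", (unsigned char)*in);
            in++;
            out += 3;
            outlen -= 3;
            len += 3;
            continue;
        }

        *out++ = *in++;           /* allowed byte: copy as-is */
        outlen--;
        len++;
    }
    *out = '\0';
    return len;
}

int main(void)
{
    char buf[6];                  /* constructed sample input below */
    int n = escape_bounded(buf, (int)sizeof buf, "ab'cd'");
    printf("%d %s\n", n, buf);
    return 0;
}
```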