On 16.05.2008 at 15:47, Andreas Tille wrote:

> On Fri, 16 May 2008, Nico Golde wrote:
>
>>> - sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
>>> + /* Fix CVE-2008-2149: buffer overflows Andreas Tille <[EMAIL
>>> PROTECTED]> */
>>> + sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
>>
>> Please use snprintf(tmpbuf, sizeof(tmpbuf), ... instead of this.
>
> I just followed
> https://buildsecurityin.us-cert.gov/daisy/bsi-rules/home/g1/840.html
> and unfortunately it is too late now because the package just hit unstable.
> Feel free to NMU if there are any reasons to do so.
>
> Just for the sake of interest: What is the essential difference between
> the patch above and snprintf()?

The latter is safer, because the tmpbuf buffer will not overflow even if somebody decides to reduce its size.

Sven
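
Review bot: the added `sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);` line is only safe while tmpbuf holds at least 229 bytes (27 bytes of fixed text, up to 200 from `%.200s`, the newline and the terminating NUL), and the declaration of tmpbuf is not visible in this hunk, so nothing here shows that the bound holds or will keep holding if the buffer is resized. Tying the limit to the buffer itself, as in `snprintf(tmpbuf, sizeof(tmpbuf), "wn: invalid search option: %s\n", av[j]);`, removes that dependency, provided tmpbuf is an array in scope at this point and not a pointer. The new comment also puts the author's name and address into the source; the CVE reference and attribution fit better in the changelog.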
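
The difference described in the reply above, as an added example that is not part of the original thread or of the package's source: it computes how large a buffer the `%.200s` form needs and shows `snprintf()` staying within a smaller one while reporting the truncation. The function names, the 64-byte buffer and the 500-byte argument are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FMT_PRECISION "wn: invalid search option: %.200s\n"
#define FMT_PLAIN     "wn: invalid search option: %s\n"

/* Bytes the "%.200s" form writes in the worst case, including the NUL.
 * sprintf() with that format is safe only while the buffer is at least
 * this large. (Hypothetical helper, not from the package.) */
size_t precision_worst_case(void)
{
    char longest[201];
    memset(longest, 'A', 200);
    longest[200] = '\0';
    /* snprintf(NULL, 0, ...) returns the length that would be written. */
    return (size_t)snprintf(NULL, 0, FMT_PRECISION, longest) + 1;
}

/* Bounded variant: never writes more than `size` bytes into `buf`.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error.
 * (Hypothetical helper, not from the package.) */
int format_invalid_option(char *buf, size_t size, const char *opt)
{
    int needed = snprintf(buf, size, FMT_PLAIN, opt);
    if (needed < 0)
        return -1;
    return (size_t)needed >= size;
}

int main(void)
{
    char small[64];   /* constructed: a buffer after someone reduced its size */
    char arg[501];    /* constructed: over-long command-line argument */
    memset(arg, 'x', 500);
    arg[500] = '\0';

    printf("%%.200s needs at least %zu bytes\n", precision_worst_case());
    int truncated = format_invalid_option(small, sizeof(small), arg);
    printf("truncated=%d, stored %zu bytes\n", truncated, strlen(small));
    return 0;
}
```

With the 64-byte buffer, `sprintf()` and `%.200s` would write up to 229 bytes, while the `snprintf()` call stores 63 characters plus the terminator and signals that the message was cut.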