At 05:49 PM 10/20/1999 -0400, [EMAIL PROTECTED] wrote:
>Darren Reed <[EMAIL PROTECTED]> wrote:
>
>"With syslog today, there is an arbitrary
>limit of 1024 bytes in a syslog message."
>
>I think this is due to the stack buffer array size in BSD syslogd, and the
>limit is not actually checked anywhere (either client or server side) -
>hence the buffer overflow attack vulnerability.
I haven't read all the implementations, but I think that the OpenBSD
syslogd (version 1.33, dated 1999/07/06) limits the read size on both UNIX
socket and network reads.
Unfortunately, the network recvfrom() call uses MAXLINE as the size, while
the declaration of the buffer sizes it to (MSG_BSIZE + 1), but at least it
reads only a finite amount into the buffer.
Bob
