On Tue, Sep 17, 2002 at 02:04:33PM -0500, Daniel R. Grayson wrote: > checking whether to enable the possibly-buggy SMB printer... yes > configure: warning: The SMB printer may have exploitable buffer overflows!!! > > I don't know what to make of it. Does this warning mean that you are > distributing code known to have security holes?
It says "may have", not "does have". At one point, there were definitely places where it could run past the end of the packet and keep going. We audited the code somewhat, and fixed what we found; I can't speak for Bill Fenner, who did most of the work, but I think we found most of the places where that happens, if not all. Bill, should we remove that warning at this point? - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
