I think we'd be happy to get such patches. However, the project hasn't been very active for a few years, so I can't promise someone will get around to merging them soon.
Hopefully they will be trivial and short enough that we can use them without having to get you to sign FSF paperwork. That's actually not a huge deal, though.

One technical point: there are currently a lot of potential buffer overflows in the code because of sprintf'ing into a buffer with unchecked length (or the like). However, just converting them all to snprintf (etc.) will still leave the program buggy -- silently truncating long inputs is better than corrupting memory, but what we really should do in many cases is either (a) accept arbitrarily long inputs or (b) generate an error message if the input is too long.

On Mon, 5 Sep 2005 02:28:51 -0400, Chris Frey <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm just checking whether it would be welcomed if I posted security
> patches to the list as I found them.
>
> For example, if I went through and changed all sprintf and strcpy/strcat
> calls to their safer equivalents, would that be accepted?
>
> If I posted them to the list with a public domain notice, could they
> go into CVS right away?
>
> Thanks for any feedback,
> - Chris
>
> _______________________________________________
> XBoard-devel mailing list
> [email protected]
> http://lists.gnu.org/mailman/listinfo/xboard-devel
>

--
Tim Mann [EMAIL PROTECTED] http://tim-mann.org/
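The two alternatives to silent truncation named in the reply above, (a) and (b), sketched in C as an added example; this is not XBoard code and not part of the original thread, and the helper names `format_checked` and `format_alloc` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Option (b): fixed buffer; returns -1 instead of silently truncating. */
int format_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size) {
        if (size > 0) buf[0] = '\0';  /* never hand back a truncated string */
        return -1;
    }
    return 0;
}

/* Option (a): size the buffer to the input; caller frees, NULL on failure. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);  /* first pass: measure only */
    va_end(ap);
    char *out = (n < 0) ? NULL : malloc((size_t)n + 1);
    if (out != NULL)
        vsnprintf(out, (size_t)n + 1, fmt, ap2);  /* second pass: write */
    va_end(ap2);
    return out;
}

int main(void)
{
    char buf[16];
    const char *longmove = "0123456789abcdef";  /* constructed sample input */
    if (format_checked(buf, sizeof buf, "move %s", longmove) != 0)
        fprintf(stderr, "input too long for %zu-byte buffer\n", sizeof buf);
    char *s = format_alloc("move %s", longmove);
    if (s != NULL) {
        printf("%zu bytes: %s\n", strlen(s), s);
        free(s);
    }
    return 0;
}
```

The check `n >= size` is what a plain sprintf-to-snprintf conversion leaves out: snprintf returns the length the output would have had, so a return value at or above the buffer size means the string was cut.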
