[Bug 388606] Re: [MIR] librelp
Kees Cook
kees at ubuntu.com
Fri Jul 17 17:21:49 UTC 2009
Yeah, walking the packet receiver, ToString appears safe for the moment.
I'm worried about this code growing and gaining more functionality.
While re-reviewing, I also see that relpOfferValueAdd will wrap integers
(since Data len is 255 characters, converted back to int), though
nothing meaningfully depends on this yet. If an intVal is ever used for
length calculates, there will be trouble. (Also note strncpy doesn't
terminate if it encounters max characters, though again, currently safe
due to equal sized src/dest buffers.)
+1 since this is blocking rsyslog, but we should carefully watch this
package.
** Changed in: librelp (Ubuntu)
Status: Confirmed => In Progress
--
[MIR] librelp
https://bugs.launchpad.net/bugs/388606
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list