[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities
thomas.bonfort at gmail.com
Wed Oct 6 08:49:54 EDT 2010
* it seems suspicious to me that you are using the sizeof operator to
compute string lengths,shouldn't you be using strlen instead?
* why replace all functions with their snyyyy couterpart (i.e. sprintf
by snprintf, etc...) when treating data that isn't submitted over the
wire (for example DRIVER names, etc...) ?
On Tue, Oct 5, 2010 at 19:57, Alan Boudreault <aboudreault at mapgears.com> wrote:
> Hi Devs,
> As discussed during the meeting at FOSS4G 2010, I passed through the
> mapserver code source and fixed a lot buffer overflow vulnerabilities. I
> followed the good practices in C development of a few security sites. ie:
> I invite all file maintainers to take a look at my changes to see what those
> good practices are and comment if needed. If you have no objection, I'm
> going to commit this in trunk.
> I've run msautotest and the results before/after applying those patches are
> exactly the same. I would like to commit as soon as possible to let everyone
> test their applications with the changes.
> Here's the patches:
> Alan Boudreault
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
More information about the mapserver-dev