[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities

Alan Boudreault aboudreault at mapgears.com
Tue Oct 5 13:57:14 EDT 2010


Hi Devs,

As discussed during the meeting at FOSS4G 2010, I passed through the mapserver
source code and fixed a lot of buffer overflow vulnerabilities. I followed the
good practices in C development of a few security sites, i.e.:
https://buildsecurityin.us-cert.gov/bsi-rules/home.html

I invite all file maintainers to take a look at my changes to see what those 
good practices are and comment if needed. If you have no objection, I'm going 
to commit this in trunk.

I've run msautotest and the results before/after applying those patches are 
exactly the same. I would like to commit as soon as possible to let everyone 
test their applications with the changes.  

Here are the patches:
http://trac.osgeo.org/mapserver/attachment/ticket/3537/3537-1.patch
http://trac.osgeo.org/mapserver/attachment/ticket/3537/3537-2.patch

regards,
Alan

-- 
Alan Boudreault
Mapgears
http://www.mapgears.com