[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities
Alan Boudreault
aboudreault at mapgears.com
Tue Oct 5 13:57:14 EDT 2010
Hi Devs,
As discussed during the meeting at FOSS4G 2010, I passed through the mapserver
code source and fixed a lot buffer overflow vulnerabilities. I followed the
good practices in C development of a few security sites. ie:
https://buildsecurityin.us-cert.gov/bsi-rules/home.html
I invite all file maintainers to take a look at my changes to see what those
good practices are and comment if needed. If you have no objection, I'm going
to commit this in trunk.
I've run msautotest and the results before/after applying those patches are
exactly the same. I would like to commit as soon as possible to let everyone
test their applications with the changes.
Here's the patches:
http://trac.osgeo.org/mapserver/attachment/ticket/3537/3537-1.patch
http://trac.osgeo.org/mapserver/attachment/ticket/3537/3537-2.patch
regards,
Alan
--
Alan Boudreault
Mapgears
http://www.mapgears.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20101005/e2f0fad3/attachment.html
More information about the mapserver-dev
mailing list