[mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities
Lime, Steve D (DNR)
Steve.Lime at state.mn.us
Tue Oct 5 14:27:48 EDT 2010
Will do! Thanks much to you and Daniel for leading the charge in this regard. I think this is a very positive step forward for our user base. I'm curious what, if anything, you ran into that might invite back porting...
Steve
From: mapserver-dev-bounces at lists.osgeo.org [mapserver-dev-bounces at lists.osgeo.org] On Behalf Of Alan Boudreault [aboudreault at mapgears.com]
Sent: Tuesday, October 05, 2010 12:57 PM
To: mapserver-dev at lists.osgeo.org
Subject: [mapserver-dev] Ticket 3537 - Buffer overflow vulnerabilities
As discussed during the meeting at FOSS4G 2010, I passed through the mapserver source code and fixed a lot of buffer overflow vulnerabilities. I followed the good practices in C development of a few security sites, i.e.: https://buildsecurityin.us-cert.gov/bsi-rules/home.html
I invite all file maintainers to take a look at my changes to see what those good practices are and comment if needed. If you have no objection, I'm going to commit this in trunk.
I've run msautotest and the results before/after applying those patches are exactly the same. I would like to commit as soon as possible to let everyone test their applications with the changes.
Here are the patches: