Re: CVS_RSH env-var feature patch
From: Larry Jones
Subject: Re: CVS_RSH env-var feature patch
Date: Sun, 2 Sep 2001 19:19:23 -0400 (EDT)

Ellison, Martin [IT] writes:
>
> I notice that you have redimensioned argv without changing any other code.
> Does this mean that the code is susceptible to an overrun attack?
Yes. (The original code isn't, but the patch introduces a potential
buffer overflow bug and thus isn't acceptable. I also question how much
need there is for the enhancement.)
-Larry Jones
I hate being good. -- Calvin