Re: Integer overflow in syslogd

2016-02-12 Thread Michael Savage
I've added a comment and replaced memcpy with strlcpy as suggested.
> Nitpick, but I'd probably slightly prefer parse_priority.
Me too, but it gets called by printline/printsys so I copied that. If anyone has stronger feelings about it I'll change it to whatever.
> Looking at the old code again,

Re: Integer overflow in syslogd

2016-02-12 Thread Michael Savage
Here's a patch with less fragile parsing code. Mike Index: syslogd.c === RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.177 diff -u -p -r1.177 syslogd.c --- syslogd.c 20 Jul 2015 19:49:33 - 1.177 +++

Integer overflow in syslogd

2016-02-11 Thread Michael Savage
I found an integer overflow in syslogd which can be triggered by compiling and running: #include #include #include int main( int argc, char ** argv ) { const char * msg = "<> hello"; return sendsyslog( msg, strlen( msg ) ); } The problematic code is a hand-rolled

Use HTML entities when referring to tables in www/opensmtpd/faq/example1.html

2016-01-23 Thread Michael Savage
The page at http://www.openbsd.org/opensmtpd/faq/example1.html doesn't display correctly because browsers try to interpret / as HTML tags. This patch replaces < and > with &gt; and &lt;. Index: example1.html === RCS file: /cvs/www/opensmtpd

Random doubles

2015-01-20 Thread Michael Savage
Hi, I'm having trouble generating uniform random doubles in [0,1) with arc4random. In games, the snippet: (double) arc4random() / (UINT32_MAX + 1.0) crops up multiple times, but that isn't utilising the full precision of a double. If you do the equivalent with a 64-bit random integer: