On Thu, Nov 27, 2014 at 10:04:59PM +0100, Tobias Stoeckmann wrote:
> On Thu, Nov 27, 2014 at 09:52:29PM +0100, Tobias Stoeckmann wrote:
> > On Thu, Nov 27, 2014 at 01:29:48PM -0700, Todd C. Miller wrote:
> > > I think it would be better for decode() to just return -1 in this
> > > case.
> >
> > I
On Thu, Nov 27, 2014 at 09:52:29PM +0100, Tobias Stoeckmann wrote:
> On Thu, Nov 27, 2014 at 01:29:48PM -0700, Todd C. Miller wrote:
> > I think it would be better for decode() to just return -1 in this
> > case.
>
> I think that is worth it:
Not anymore. There is just one other decode user (it'
On Thu, 27 Nov 2014 21:52:29 +0100, Tobias Stoeckmann wrote:
> The validation looks a bit like a magic number there, but this could
> prevent issues of other decode()-users, too... So yeah, I think that
> is worth it:
OK millert@
- todd
On Thu, Nov 27, 2014 at 01:29:48PM -0700, Todd C. Miller wrote:
> I think it would be better for decode() to just return -1 in this
> case.
The validation looks a bit like a magic number there, but this could
prevent issues of other decode()-users, too... So yeah, I think that
is worth it:
Index
On Thu, 27 Nov 2014 20:42:55 +0100, Tobias Stoeckmann wrote:
> the facility number is not properly validated while parsing the
> configuration file -- it is possible to supply a number which is
> larger than LOG_NFACILITIES, therefore accessing memory outside
> of f_pmask's boundaries.
I think it
Hi,
the facility number is not properly validated while parsing the
configuration file -- it is possible to supply a number which is
larger than LOG_NFACILITIES, therefore accessing memory outside
of f_pmask's boundaries.
# echo "10.debug;syslog,user.info /var/log/messages" > my.conf
# syslog
