KSR's proposed patch to Deliver has a bug: According to KSR[T]: > + char token[BUFSIZ]; /* Probably paranoid. */ > > + while (isascii(*lexptr) && isalpha(*lexptr) && i < BUFSIZ) > token[i++] = *lexptr++; > token[i] = '\0'; Buffer overrun is possible here. I suggest anyone who uses Deliver just get the current tarball: http://www.pobox.com/~chip/deliver-2.1.13.tar.gz -- Chip Salzenberg - a.k.a. - <chipat_private> "I stopped that bus and I saved them kids!" "All except one -- the one you let drive!" "He showed me his license..." "He was seven!!!" // MST3K
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:47 PDT