Hi! I recently ran into a potential problem with berkley db 1.85 as distributed with all versions of slackware linux: (fixed in slackware 3.5 as of 07.14.98) libdb.so.1.85.4 defines snprintf and vsnprintf as calls to normal sprintf and vsprintf. Meaning: if you link any program against this lib and aren't careful about library linking order, you'll overload the working procedures from libc with the dummy-definitions from libdb and thus end up with broken (v)snprintf. Your programs will be vulnerable to buffer overflows even though correctly coded to avoid it. (I ran into this wile experimenting with a qpopper patch to directly write sucessfull pop3 logins to a database for use with sendmail pop_auth hack). Bye, Martin -------------------------------------------------- Martin Bene vox: +43-664-3251047 simon media fax: +43-316-813824-6 Andreas-Hofer-Platz 9 e-mail: mbat_private 8010 Graz, Austria -------------------------------------------------- finger mbat_private for PGP public key
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:16 PDT