D.A. Harris wrote:
> Maybe the point of the note I saw was that there are numerous strcpy, strcmp,
> and strcat's that exist in procmail's source, which might need conversion
> to strncpy, etc, etc., so as to minimize potential future buffer overflows.
Yep. It was bugtraq and the person (I've forgotten who - I do apologise
for not being able to attribute!) pointed out precisely what you say
above:
% cd build/procmail-3.11pre7/src
% egrep 'strc(py|at)' *.c | cut -f1 -d: | uniq -c | sort -rn
17 misc.c
16 procmail.c
8 mailfold.c
4 authenticate.c
3 goodies.c
3 formail.c
1 pipes.c
1 locking.c
1 lockfile.c
1 cstdio.c
1 acommon.c
Reto
--
R A Lichtensteiger rali(_at_)meitca(_dot_)com -or-
rali(_at_)world(_dot_)std(_dot_)com
http://www.meitca.com/ITA/People/rali
"Yes, you're doing things right, but are you doing the right things?"
"Nope. I'm just doing something dumb fast."