[Namazu-devel-en] Re: [PATCH] potential buffer overrun in namazu.cgi?

Tadamasa Teranishi yw3t-trns at asahi-net.or.jp
Thu May 18 02:25:54 JST 2006


Derek Atkins wrote:
> 
> In case you care, here's the patch I used, against 2.0.16.  This patch
> also implements a third replacement, {version}, so that I can put the
> namazu version# into the output without requiring the templates to
> know what version of namazu is running.

As for Namazu 2.0.X, feature enhancement is scheduled not to be 
done in the future (only bug fixes).

However, it is likely to be enhanced in Namazu 2.2.X (It is thought 
that the format changes) to use the one other than "{cgi}" "{doc}".

By the way, the buffer is similarly broken when VERSION is 10 characters 
or more, though "{version}" is 9 characters. 
It doesn't become 10 characters or more in a usual release version. 
However, one under development might exceed this and reach 10 
characters. 

 ex) 2.0.17pre1

> Because another problem was found, it corrects it collectively. 

The stable version (stable-2-0) source in CVS has been corrected, 
as have the development version (HEAD) sources. 
--
=====================================================================
TADAMASA TERANISHI  yw3t-trns at asahi-net.or.jp
http://www.asahi-net.or.jp/~yw3t-trns/index.htm
Key fingerprint =  474E 4D93 8E97 11F6 662D  8A42 17F5 52F4 10E7 D14E
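
Added example, not part of the original message and not Namazu's code: a placeholder substitution that computes the final length before writing, so a replacement longer than its placeholder (the 10-character "2.0.17pre1" for the 9-character "{version}") is rejected instead of overrunning the buffer. The function name `replace_bounded` and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from Namazu): replace every occurrence of key in
 * buf with val. bufsize is the capacity of buf including the NUL terminator.
 * Returns the number of replacements, or -1 if the result would not fit;
 * buf is left untouched in that case. */
int replace_bounded(char *buf, size_t bufsize, const char *key, const char *val)
{
    size_t klen = strlen(key), vlen = strlen(val), len = strlen(buf);
    size_t hits = 0;
    char *p;

    if (klen == 0 || len >= bufsize)
        return -1;
    /* First pass: count matches so the final length is known up front. */
    for (p = buf; (p = strstr(p, key)) != NULL; p += klen)
        hits++;
    /* Growth only happens when val is longer than key, which is exactly
     * the "{version}" (9) versus "2.0.17pre1" (10) case. */
    if (vlen > klen && len + hits * (vlen - klen) >= bufsize)
        return -1;
    /* Second pass: shift the tail (memmove handles overlap), copy val in,
     * and resume searching after the inserted text. */
    for (p = buf; (p = strstr(p, key)) != NULL; p += vlen) {
        memmove(p + vlen, p + klen, strlen(p + klen) + 1);
        memcpy(p, val, vlen);
    }
    return (int)hits;
}

int main(void)
{
    /* Constructed sample strings. tight has no spare byte to grow into. */
    char tight[] = "Namazu {version}";
    char roomy[32] = "Namazu {version}";

    printf("%d\n", replace_bounded(tight, sizeof tight, "{version}", "2.0.17pre1"));
    printf("%d %s\n", replace_bounded(roomy, sizeof roomy, "{version}", "2.0.17pre1"), roomy);
    return 0;
}
```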


