[Namazu-devel-en] Re: [PATCH] potential buffer overrun in namazu.cgi?
Tadamasa Teranishi
yw3t-trns at asahi-net.or.jp
Thu May 18 02:25:54 JST 2006
Derek Atkins wrote:
>
> In case you care, here's the patch I used, against 2.0.16. This patch
> also implements a third replacement, {version}, so that I can put the
> namazu version# into the output without requiring the templates to
> know what version of namazu is running.
As for Namazu 2.0.X, the function enhancing is scheduled not to be
done in the future. (Only the bug fix)
However, it is likely to be enhanced in Namazu 2.2.X (It is thought
that the format changes) to use the one other than "{cgi}" "{doc}".
By the way,
The buffer is similarly broken when VERSION is 10 characters or
more though "{version}" is 9 characters.
It doesn't become 10 characters or more in a usual release version.
However, the one under development might exceed and gets 10
characters.
ex) 2.0.17pre1
> Because another problem was found, it corrects it collectively.
The correction of stability version (stable-2-0) source of CVS has
corrected and development version (HEAD) sources.
--
=====================================================================
TADAMASA TERANISHI yw3t-trns �� asahi-net.or.jp
http://www.asahi-net.or.jp/~yw3t-trns/index.htm
Key fingerprint = 474E 4D93 8E97 11F6 662D 8A42 17F5 52F4 10E7 D14E
More information about the Namazu-devel-en
mailing list