
Re: radiusd-freeradius history and future



On Tue, Nov 11, 2003 at 02:02:49PM -0500, Matt Zimmerman wrote:
> On Tue, Nov 11, 2003 at 11:52:00AM -0600, Steve Langasek wrote:
> 
> > The packages at <http://www.tbble.com/freeradius/> will be sponsored into
> > the archive as soon as I've had a chance to review them (this week).
> 
> This thing is packed full of strcpy() and strcat(), which is the sort of
> sloppiness that I don't like to see in a network server.  It was a great
> blessing to find that we weren't shipping this in woody when the last batch
> of security problems was discovered.

> Have mercy...

Well, then don't use it. :-)

No, seriously, I'll put that on my TODO list. Mind you, we do some
rather heavy input validation and are particularly strict on the RADIUS
protocol, so I'm fairly confident that it's not going to be a problem.

I am however curious about this "last batch of security problems"? Can
you point me at that?

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, MCSE
6th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Anu.edu.au

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

This email is licensed to the recipient for non-commercial
use, duplication and distribution.
-----------------------------------------------------------
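Added example, not code from FreeRADIUS or from either poster: one way to enforce the bound at the copy site itself, rather than relying on validation done earlier, when copying a RADIUS attribute value (type, length, value layout per RFC 2865). The function names, buffer size and sample attributes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_HDR 2   /* type octet + length octet (RFC 2865, section 5) */
#define NAME_BUF 32  /* assumption: size of a fixed destination buffer */

/* Constructed sample attributes, not captured traffic. Type 1 is User-Name. */
const uint8_t attr_ok[]    = {1, 7, 'a', 'l', 'i', 'c', 'e'};
const uint8_t attr_lies[]  = {1, 40, 'a'};  /* length octet exceeds the data present */
const uint8_t attr_short[] = {1, 1};        /* length below the 2-octet header */

/* Copy one attribute's value into dst as a NUL-terminated string.
 * avail is the number of packet bytes left starting at attr.
 * Returns the value length, or -1 if malformed or too large for dst.
 * Every bound is checked here, so the copy stays safe even if a caller
 * skipped or changed the earlier packet validation. */
int copy_attr_value(const uint8_t *attr, size_t avail, char *dst, size_t dst_size)
{
    if (dst_size == 0 || avail < ATTR_HDR)
        return -1;
    size_t len = attr[1];                 /* sender-controlled length octet */
    if (len < ATTR_HDR || len > avail)
        return -1;
    size_t vlen = len - ATTR_HDR;
    if (vlen >= dst_size)                 /* leave room for the terminator */
        return -1;
    memcpy(dst, attr + ATTR_HDR, vlen);   /* bounded by vlen, not by a NUL in the input */
    dst[vlen] = '\0';
    return (int)vlen;
}

/* Hypothetical helper: an attribute whose value is exactly NAME_BUF bytes. */
int oversize_rejected(void)
{
    uint8_t attr[ATTR_HDR + NAME_BUF] = {1, ATTR_HDR + NAME_BUF};
    char name[NAME_BUF];
    memset(attr + ATTR_HDR, 'A', NAME_BUF);
    return copy_attr_value(attr, sizeof attr, name, sizeof name) == -1;
}

int main(void)
{
    char name[NAME_BUF];
    int n = copy_attr_value(attr_ok, sizeof attr_ok, name, sizeof name);
    printf("ok=%d name=%s oversize_rejected=%d\n", n, n >= 0 ? name : "", oversize_rejected());
    return 0;
}
```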
