This patch fixes a buffer overflow in logrotate. The diff was done against trunk on http://svn.fedorahosted.org/svn/logrotate/ Sorry if this is the wrong place to post this. I didn't see a mailing list mentioned on the project page at https://fedorahosted.org/logrotate/ Index: config.c =================================================================== --- config.c (revision 319) +++ config.c (working copy) @@ -759,7 +759,7 @@ if (key == NULL) continue; - rc = sscanf(key, "%s %s%c", createOwner, + rc = sscanf(key, "%200s %200s%c", createOwner, createGroup, &foo); if (rc == 3) { message(MESS_ERROR, "%s:%d extra arguments for " @@ -810,7 +810,7 @@ if (key == NULL) continue; - rc = sscanf(key, "%o %s %s%c", &createMode, + rc = sscanf(key, "%o %200s %200s%c", &createMode, createOwner, createGroup, &foo); if (rc == 4) { message(MESS_ERROR, "%s:%d extra arguments for " -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
