* Stefan Ritt: > Florian Weimer wrote: >> address you started with. Since DNS is quite dynamic, it's also a >> good idea to include IP address information in the log file in all >> cases, even if a proper host name was found in DNS. > > So I put the IP address there in any case, committed in revision 1636.
Thanks. >> However, the second argument of write_logfile is passed to vsprintf >> (which should be turned into vsnprintf, by the way), so it should be a >> real format string, and not some user input. The 0005 patch I sent >> tries to address that (but for the version in Debian stable). > > That's not true anymore. Inside write_logfile, I do not use vsprintf any > more, instead I use strlcat() which should be safe. Okay, the current version in your Subversion repository should be safe indeed. I missed the strlcat change, as I looked mostly at the Debian versions. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]