Jeremy Evans wrote:
In updating the Scintilla and SciTE ports to 1.70 for OpenBSD, I've
done a code audit and replaced the insecure string handling functions
(strcat, strcpy, sprintf) with the secure ones (strlcat, strlcpy,
snprintf, respectively). Hopefully these security fixes can be
applied to future versions of Scintilla and SciTE. I'm not sure if
all of the fixes are correct (I'm not an experienced C++ programmer),
but hopefully the patches can be reviewed and applied if appropriate.
The openbsd ports are linked below:
Scintilla:
http://marc.theaimsgroup.com/?l=openbsd-ports&m=115275206705763&q=p3
SciTE:
http://marc.theaimsgroup.com/?l=openbsd-ports&m=115275206705763&q=p4
If you have any questions, please let me know.
Well, it is nice that you have done this... but it would most likely
have to become a "fork" of Scintilla/SciTE, since I strongly doubt
that Neil would accept a sweeping code update that breaks the ability
to build on so many platforms. ;)
Robert Roessler
[EMAIL PROTECTED]
http://www.rftp.com
_______________________________________________
Scintilla-interest mailing list
[email protected]
http://mailman.lyra.org/mailman/listinfo/scintilla-interest
