Three questions have come up:
Consider this codesnipplet from src/print.c :
| void writedates(char *dir, char *label, int amountmsgs)
| {
| int newfile;
| char filename[MAXFILELEN];
| FILE *fp;
|
| sprintf(filename, "%s%s%s", dir,
| (dir[strlen(dir) - 1] == '/') ? "" : "/", datename);
b)
What protects the "filename" buffer from being overrun?
Except that other limits on "dir" and "datename" might warranty it,
this kind of code just makes me nervous. :)
c) I know that mprintf seems to be used. The mprintf.h file seems to be covered under the MPL v1.0. There is a MPL v1.1. Is this all okay with the GPL which some of the rest of hypermail is licensed or do you have seperate mprintf from the program?
As for the new hypermail release, my comments made a couple of month ago still hold and I submitted a couple of replacements for the ugly make process in the archive subdirectory. They are based on gmake right now, but I would distribute them anyway as alternative.
Regards,
Bernhard
-- Research Assistant, Geog Dept UM-Milwaukee, USA. (www.uwm.edu/~bernhard) Free Software Projects and Consulting (intevation.net) Association for a Free Informational Infrastructure (ffii.org)Received on Mon 29 Nov 1999 04:02:07 AM GMT
- application/pgp-signature attachment: stored
This archive was generated by hypermail 2.3.0 : Sat 13 Mar 2010 03:46:11 AM GMT GMT