Subject: Re: buffer overflows in libsa
To: None <tech-kern@NetBSD.org>
From: Roland Illig <rillig@NetBSD.org>
Date: 08/24/2005 09:51:52
Roland Illig wrote:
> Hi all,
> the stand-alone library still contains two function with buffer
> overflows, namely gets() and getpass(). To fix that, I have written the
> appended patch.
I'm currently building NetBSD/alpha to test the effect on the code size.
On i386 and sparc I could already reduce the code size so that the code
_with_ the overflow checking is actually smaller than the old code
without. So I'm confident we can have small _and_ secure code. :)