Vacation 1.2.7.0 beta 2 released

This new beta may be more on the alpha side of beta, as it includes a substantial number of changes to improve security. Rather than using the standard strcpy, strcat, etc., it now uses the OpenBSD secure string handling functions strlcat and strlcpy, and use of sprintf has been changed to snprintf to try to avoid possible buffer overruns. I’m not actually aware of any attacks but this is quite old code so you never know your luck.

I’ve also changed the implementation of the nsearch() function to use strcasestr() which makes it much simpler.

You can download the release from Sourceforge.

Please test and comment!


ChangeLog for Beta2

2007/01/07
- Added OpenBSD secure string handling functions strlcat and strlcpy.
- Added prototypes for strlcat and strlcpy to vacation.h.
- Changed vacation.c to use strlcat and strlcpy instead of strcat and strcpy.
- Changed vacation.c to use snprintf rather than sprintf.
- Made flawfinder ignore snprintf's as they are all constant format strings.
- Changed Makefile to build with OpenBSD string functions.
- Changed "make clean" to remove vacation in source directory.
- Added a dependency on vacation.h to the various build options.
- Replaced the old nsearch() code with simpler code based on strcasestr().
