This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: note to whois maintainer


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher Faylor wrote:
> I can't duplicate the problem myself (and at least one respondent was
> also unable to duplicate it

Neither did I (trying up to a screenful of As).

> It has been a while since the last whois release.  Is there a
> newer version available?

The version of whois we're currently using, the one made by my
compatriot Marco d'Itri and included in Debian and other Linux distros,
seems to have reached version 4.7.8 (while we still ship 4.6.14):
http://ftp.debian.org/debian/pool/main/w/whois/

Reading the "man" that kind of attack seems to be expected:

> BUGS
>        The  program  has  many  buffer overflows when parsing the command line
>        parameters: be sure to not pass untrusted  data  to  it.   It  will  be
>        rewritten to use a dynamic strings library.

but, as the file says "3 December 1999" I wonder if this is still true.

Trying both the "whois" we ship and the one that FreeBSD ships I noticed
that the latter contains many more command line options and a better
"man" page (and is BSD licensed) while the one we now ship seems to
respond more completly to some queries such as the ones to the 6bone.
(asking for a .com or a .it gives the very same exact results)

    Lapo

UPDATE: I just checked with the author in ICQ, that paragraph is
actually still true.

- --
L a p o   L u c h i n i
l a p o @ l a p o . i t
w w w . l a p o . i t /
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iEYEARECAAYFAkMnE0oACgkQaJiCLMjyUvszvgCg+01uDKKLUfa8bAsTrmgCdeup
48UAn2MG9t1hO6wnjdNkO2uA9apknzJB
=CUgL
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]