Previously John Hasler wrote:
> As I noted, there are no calls to system or its ilk.

That's good.

> I know how to fix the sprintf's. My plan now is to analyze the path
> followed by strings from input to consumption.

It might be much easier to just replace them with snprintf's. Also check
for things like strcpy(), insecure handling of files, etc.

Wichert.

-- 
==============================================================================
This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/
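The sprintf-to-snprintf replacement suggested in the message above, as an added example that is not part of the original message or of the program under discussion. It shows the step that is easy to miss: snprintf() silently truncates, so the return value has to be checked. The helper names `fmt_checked` and `copy_checked`, the buffer size and the sample strings are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded replacement for sprintf(): returns 0 on success, -1 if the
 * output was truncated or a formatting error occurred. On failure dst
 * is left as an empty string so a partial value is never consumed. */
static int fmt_checked(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dstsz == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    /* n < 0: error; n >= dstsz: output needed more room than dst has */
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Bounded replacement for strcpy(): refuses input that does not fit. */
static int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);

    if (len >= dstsz)
        return -1;
    memcpy(dst, src, len + 1);   /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    char path[16];               /* constructed, deliberately small buffer */
    const char *user = "averyveryverylongusername";   /* constructed input */

    /* Original pattern: sprintf(path, "/home/%s", user);  -> overflows path */
    if (fmt_checked(path, sizeof path, "/home/%s", user) != 0)
        fprintf(stderr, "rejected: formatted path does not fit\n");
    if (fmt_checked(path, sizeof path, "/home/%s", "jh") == 0)
        printf("ok: %s\n", path);
    if (copy_checked(path, sizeof path, user) != 0)
        fprintf(stderr, "rejected: copy does not fit\n");
    return 0;
}
```

Rejecting oversized input instead of truncating it avoids a second class of bug, where a shortened path or command string still gets used downstream.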