
Re: Bug#27050 (fdutils): A cause for security concern?



Previously John Hasler wrote:
> As I noted, there are no calls to system or its ilk.

That's good.

> I know how to fix the sprintf's.  My plan now is to analyze the path
> followed by strings from input to consumption.

It might be much easier to just replace them with snprintf's. Also check
for things like strcpy(), insecure handling of files, etc.

Wichert.

-- 
==============================================================================
This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/
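
The replacement suggested in the message above, as an added example that is not part of the original e-mail and is not fdutils code: a bounded `snprintf()` call whose return value is checked so truncation is reported instead of silently accepted, plus a bounded stand-in for `strcpy()`. The helper names `build_path` and `copy_string` are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format "<dir>/<name>" into a fixed-size buffer.
 * snprintf() never writes past dstsz, but it truncates silently, so the
 * return value (the length the full string would have had) must be checked.
 * Returns 0 on success, -1 if the result does not fit or formatting fails. */
int build_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz > 0)
            dst[0] = '\0';      /* do not leave a truncated path behind */
        return -1;
    }
    return 0;
}

/* Hypothetical bounded stand-in for strcpy(): refuses input that does not
 * fit, including its terminating NUL, rather than overflowing dst. */
int copy_string(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);
    if (len >= dstsz) {
        if (dstsz > 0)
            dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: one that fits, one that would overflow buf. */
    const char *names[] = { "fd0", "a-very-long-constructed-name" };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (build_path(buf, sizeof buf, "/dev", names[i]) == 0)
            printf("ok:       %s\n", buf);
        else
            printf("rejected: name too long (%zu bytes)\n", strlen(names[i]));
    }
    return 0;
}
```

Treating truncation as an error matters because a silently shortened file name can point at a different file than the caller intended.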


