
Re: Bug#27050 (fdutils): A cause for security concern?

Previously John Hasler wrote:
> As I noted, there are no calls to system or its ilk.

That's good.

> I know how to fix the sprintf's.  My plan now is to analyze the path
> followed by strings from input to consumption.

It might be much easier to just replace them with snprintf's. Also check
for things like strcpy(), insecure handling of files, etc.


This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/

Attachment: pgpuDvejEhbVo.pgp
Description: PGP signature
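
Added example, not part of the original message and not fdutils code: a sprintf() call and a strcpy() call replaced by bounded versions that also check for truncation, since snprintf() by itself silently cuts the string short. The function names, the path format and the sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from fdutils): build "<dir>/<name>" in dst.
 * Returns 0 on success, -1 if the result does not fit or formatting fails. */
int build_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    /* snprintf() writes at most dstsz bytes including the NUL and returns
     * the length the complete string would have had. */
    int n = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';          /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Bounded replacement for strcpy(): rejects input that does not fit
 * instead of overflowing or truncating. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminating NUL */
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed sample inputs. */
    int rc = build_path(buf, sizeof buf, "/dev", "fd0");
    printf("%d \"%s\"\n", rc, buf);
    rc = build_path(buf, sizeof buf, "/dev", "a-very-long-device-name");
    printf("%d \"%s\"\n", rc, buf);
    return 0;
}
```

Treating truncation as an error matters when the string is later used as a file name, because a shortened path can name a different file than the one intended.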
