
Re: SECURITY PROBLEM: autofs [all versions]

[ I removed a number of people from the To and Cc lines. ]

"Christopher W. Curtis" <ccurtis@aet-usa.com>:
> #include <stdio.h>
>
> int main()
> {	FILE *foo = popen( "non-executable.file", "r+" );
> 	fprintf( foo, "hmm" );
> }

This crashes because popen returns NULL, and you use that value without
checking for NULL. This is quite regardless of whether the program
can be executed or not - popen has a large number of reasons why it can
return NULL and anyone not checking the return value deserves to be
eaten alive by bulimic carrier pigeons.

Bug-ridden programs written by hordes of monkeys jumping on keyboards
is not a reason to avoid doing something. In fact, it is a good reason
to do it - to see how amusingly they break so that one can have a good
laugh and can file bug reports with patches to fix the problems.

Lars Wirzenius <liw@wapit.com>
Architect, Kannel WAP and SMS Gateway project, Wapit Ltd, http://www.kannel.org
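
The return-value check this reply asks for, as an added example that is not part of the original thread: it tests popen() for NULL and also reads the exit status from pclose(), since a command the shell cannot run is reported there (127 or 126). feed_command(), the ERR_* codes and the sample commands are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>

/* Hypothetical error codes for this example; values >= 0 are exit statuses. */
enum { ERR_POPEN = -1, ERR_WRITE = -2, ERR_WAIT = -3 };

/* Run cmd through popen(), write input to it, and report what happened. */
int feed_command(const char *cmd, const char *mode, const char *input)
{
    FILE *p = popen(cmd, mode);
    if (p == NULL) {            /* invalid mode, pipe() or fork() failure, ... */
        fprintf(stderr, "popen(%s): %s\n", cmd, strerror(errno));
        return ERR_POPEN;
    }

    /* If the child exits before reading, the write would raise SIGPIPE and
       kill this process; ignore it so the failure shows up as EPIPE instead. */
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);
    int write_failed = (fputs(input, p) == EOF);
    if (fflush(p) == EOF)
        write_failed = 1;
    int status = pclose(p);     /* closes the pipe and waits for the shell */
    signal(SIGPIPE, old);

    if (status == -1 || !WIFEXITED(status))
        return ERR_WAIT;
    if (WEXITSTATUS(status) != 0)   /* 127: not found, 126: not executable */
        return WEXITSTATUS(status);
    return write_failed ? ERR_WRITE : 0;
}

int main(void)
{
    /* Constructed sample commands. */
    printf("%d\n", feed_command("cat >/dev/null", "w", "hmm"));
    printf("%d\n", feed_command("/nonexistent/constructed-command", "w", "hmm"));
    return 0;
}
```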
