Possible buffer overflows = security problem?
Hi.
I recently adopted the magpie package (It reads in Packages files and
produces HTML output)
It was un/undermaintained a long time and has no separate upstream.
While looking in the code to fix some outstanding bugs I found
several code pieces like
char path[256];
sprintf( path, "some string/%s", packagename);
There are no further checks as I can see. I'm not very experienced in C
programming and don't know much about the details of exploiting buffer
overflows or the like...
Is such code (away from the fact that it can easily lead to segfaults) a
security problem?
Thanks,
--
Frank Lichtenheld <frank@lichtenheld.de>
www: http://www.djpig.de/
Reply to: