
Re: Possible buffer overflows = security problem?



/ 2003-09-05 16:47:30 +0200
\ Frank Lichtenheld:
> Hi.
> 
> I recently adopted the magpie package (It reads in Packages files and
> produces HTML output)
> 
> It was un/undermaintained a long time and has no separate upstream.
> While looking in the code to fix some outstanding bugs I found
> several code pieces like
> 
> char path[256];
> sprintf( path, "some string/%s", packagename);
> 
> There are no further checks as I can see. I'm not very experienced in C
> programming and don't know much about the details of exploiting buffer
> overflows or the like...
> 
> Is such code (away from the fact that it can easily lead to segfaults) a
> security problem?

imho, yes.
that's why there is the
int snprintf(char *str, size_t size, const char *format, ...);
     ^                   ^^^^^^^^^^
counterpart.

	Lars Ellenberg

-- 
pls sign http://petition.eurolinux.org
    against software patents in Europe!
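
Added example, not part of the original message or of magpie's code: the quoted sprintf() pattern rewritten with snprintf(), checking the return value so that an over-long package name is rejected instead of overflowing the buffer or yielding a silently truncated path. build_path() and PATH_BUF_SIZE are hypothetical names, "some string/" is the placeholder prefix from the quoted snippet, and the long input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF_SIZE 256   /* same size as the path[256] buffer quoted above */

/*
 * build_path() is a hypothetical helper. Returns 0 on success, -1 if the
 * result would not fit (or on an output error); on failure dst is set to ""
 * so a caller cannot use a partial path by accident.
 */
int build_path(char *dst, size_t dstsize, const char *packagename)
{
    int n;

    if (dst == NULL || dstsize == 0 || packagename == NULL)
        return -1;

    /* snprintf writes at most dstsize bytes, including the terminating NUL,
     * and returns the length the complete string would have had. */
    n = snprintf(dst, dstsize, "some string/%s", packagename);

    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';   /* reject instead of using a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF_SIZE];
    char longname[400];              /* constructed over-long package name */
    int rc;

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    rc = build_path(path, sizeof path, "magpie");
    printf("short name: rc=%d path=\"%s\"\n", rc, path);

    rc = build_path(path, sizeof path, longname);
    printf("long name:  rc=%d path=\"%s\"\n", rc, path);
    return 0;
}
```

Checking the return value matters as much as the size argument: snprintf() alone prevents the overflow, but a truncated path can still point at the wrong file.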


