On Wednesday, August 20 2014, Hádrian R wrote: > Hi, I'm Kaiwaiata, since more than 2h searching and finding various > possible vulnerabilities in source code of GDB.. > I will tell you one vulnerability now, if they treat me well I will tell > the other..
Hello Kaiwaiata, Thanks for the message. However, this list is not used by GDB folks anymore. I recommend you to post your message on <[email protected]>. > unsafe use of *strcpy()* in *int net_open (.. ..){**:* > > *gdb-7.8.tar\gdb\ser-tcp.c:* > * line 187: *strncpy (hostname, name, tmp); > * line 187: *strcpy (hostname, "localhost"); You could even post a patch fixing this, if you want. To do that, send the patch to <[email protected]>. Thanks, -- Sergio GPG key ID: 0x65FC5E36 Please send encrypted e-mail if possible http://sergiodj.net/ _______________________________________________ bug-gdb mailing list [email protected] https://lists.gnu.org/mailman/listinfo/bug-gdb
