Hi. I recently adopted the magpie package (It reads in Packages files and produces HTML output)
It was un/undermaintained a long time and has no separate upstream. While looking in the code to fix some outstanding bugs I found several code pieces like char path[256]; sprintf( path, "some string/%s", packagename); There are no further checks as I can see. I'm not very experienced in C programming and don't know much about the details of exploiting buffer overflows or the like... Is such code (away from the fact that it can easily lead to segfaults) a security problem? Thanks, -- Frank Lichtenheld <[EMAIL PROTECTED]> www: http://www.djpig.de/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
