-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 John David Duncan wrote: > if(strcmp(r->handler,my_name)) return DECLINED;
why aren't you using strncmp?! Sorry, couldn't help it. I've seen (and exploited) way too many vulns like this. - -- Arturo "Buanzo" Busleiman Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJWofWAlpOsGhXcE0RCusdAJ4rGSTzod8vgjrwuwBOiCGcfZTg6wCfWDUY gcsvk8AaZeWEj7S/AyVrW4A= =GSRX -----END PGP SIGNATURE-----
