On Wed, 19 Aug 2015 18:25:45 +0100 Rainer Weikusat <rainerweiku...@virginmedia.com> wrote:
> Edward Bartolo <edb...@gmail.com> writes:
> > I am not assuming anything and understand the risks of buffer
> > overflows. The first step I am taking is to make the code function.
> > The second step is further debug it until it behaves properly and
> > the third step is to correct any potential security issues.
>
> Realistically, the first step is 'make the code function', the second
> step is 'graduate from university based on your thesis' and the 3rd
> was called 'heartbleed', IOW, that's not going to happen in this way.
> If you're doing string processing in C, try to do it correctly from
> the start. That's much easier than retrofitting proper length/size
> handling onto some working code.

LOL, hey guys, cut Edward some slack. He whipped this up in one day, when the rest of us, especially I, were sitting on our hands *with respect to a Wifi tool*. He'll obviously change the strcpy() to strncpy(), or buf=(char *) malloc(sizeof(char) * strlen(src)) later, and if he doesn't, we will.

In The Cathedral and the Bazaar, Eric Raymond says the following:

==================================================================
When you start community-building, what you need to be able to present is a plausible promise. Your program doesn't have to work particularly well. It can be crude, buggy, incomplete and poorly documented. What it must not fail to do is (a) run, and (b) convince potential co-developers that it can be evolved into something really neat in the foreseeable future.
==================================================================

In one day, Edward has accomplished the preceding. With very simple code having few if any dependencies. And it's short enough that retrofitting won't be a problem. Having no wifi on this box, I haven't been able to run his thing yet, but I bet I could run it without a front end, just by making a couple test-jig shellscripts.

Edward, you just keep doing what you're doing. Any rough edges or insecurities you don't smooth out, there's an army of people who can do that.

SteveT

Steve Litt
August 2015 featured book: Troubleshooting: Just the Facts
http://www.troubleshooters.com/tjust
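The length handling this thread discusses, as an added example that is not code from this message or from Edward's project: a bounded copy that always terminates and reports truncation, and a heap copy sized for the string plus its terminator. The names copy_bounded and dup_string, the buffer size and the sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity dstsize bytes) and always
 * NUL-terminate. strncpy() alone writes no terminator when src fills dst.
 * Returns 0 on success, -1 on bad arguments or truncation. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);   /* keep what fits */
        dst[dstsize - 1] = '\0';         /* terminate explicitly */
        return -1;                       /* caller learns about truncation */
    }
    memcpy(dst, src, len + 1);           /* len + 1 copies the terminator */
    return 0;
}

/* Hypothetical helper: heap copy of src. strlen() does not count the
 * terminator, so the allocation is strlen(src) + 1 bytes. Caller frees. */
char *dup_string(const char *src)
{
    size_t len;
    char *buf;
    if (src == NULL)
        return NULL;
    len = strlen(src);
    buf = malloc(len + 1);
    if (buf != NULL)
        memcpy(buf, src, len + 1);
    return buf;
}

int main(void)
{
    char essid[8];                          /* constructed sample buffer */
    const char *input = "HomeNetwork-5GHz"; /* constructed sample input */
    int rc = copy_bounded(essid, sizeof essid, input);
    char *copy = dup_string(input);

    printf("rc=%d essid=\"%s\"\n", rc, essid);
    printf("copy=\"%s\"\n", copy ? copy : "(null)");
    free(copy);
    return 0;
}
```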