On Sat, Sep 09, 2006 at 12:30:27PM -0500, Matthew R. Dempsky wrote:
> On Sat, Sep 09, 2006 at 09:50:16AM -0400, Woodchuck wrote:
> > >   FILE *mail;
> > >   char sendmail[512];
> > >           sprintf(sendmail, "%s %s", SENDMAIL_PATH, RECIPIENT);
> > 
> > use snprintf here, this is exactly the sort of code that some joker
> > will try to do a buffer overflow on.
> 
> Assuming RECIPIENT is actually something that will be user
> controllable, doesn't he need to worry about quoting RECIPIENT and
> making sure it doesn't start with a dash?
> 
> Does OpenBSD have a popen(3) replacement but with an exec(3)-like
> interface instead of a system(3)-like one?

Not really, IIRC; using pipe() and exec() is the way to go...

                Joachim
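
The pipe() and exec() approach mentioned above, sketched as an added example that is not part of the original thread: the recipient travels as a single argv entry, so no shell ever parses it, and a leading dash is rejected before anything runs. The names `pipe_to_argv` and `mail_to` are hypothetical; the caller is assumed to pass SENDMAIL_PATH as `path`.

```c
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run path with argv[] (no shell), feed input to its stdin, and
 * return its exit status, or -1 on error. Hypothetical helper. */
int pipe_to_argv(const char *path, char *const argv[], const char *input)
{
    int fd[2], status;
    size_t left = strlen(input);
    ssize_t n;
    pid_t pid;
    if (pipe(fd) == -1)
        return -1;
    if ((pid = fork()) == -1) {
        close(fd[0]);
        close(fd[1]);
        return -1;
    }
    if (pid == 0) {                 /* child: stdin <- pipe */
        close(fd[1]);
        if (dup2(fd[0], STDIN_FILENO) == -1)
            _exit(127);
        close(fd[0]);
        execv(path, argv);
        _exit(127);                 /* exec failed */
    }
    close(fd[0]);
    void (*old)(int) = signal(SIGPIPE, SIG_IGN); /* child may exit early */
    while (left > 0 && (n = write(fd[1], input, left)) > 0) {
        input += n;
        left -= (size_t)n;
    }
    close(fd[1]);                   /* EOF for the child */
    signal(SIGPIPE, old);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Hypothetical wrapper: one argv entry needs no quoting, but a leading
 * '-' would still be read as an option, so it is refused. */
int mail_to(const char *path, const char *recipient, const char *msg)
{
    char *const argv[] = { "sendmail", (char *)recipient, NULL };
    if (recipient == NULL || recipient[0] == '\0' || recipient[0] == '-')
        return -1;
    return pipe_to_argv(path, argv, msg);
}
```

A return value of 127 means the exec itself failed, which matches the convention popen(3) and system(3) inherit from the shell.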
