On Sat, Sep 09, 2006 at 12:30:27PM -0500, Matthew R. Dempsky wrote: > On Sat, Sep 09, 2006 at 09:50:16AM -0400, Woodchuck wrote: > > > FILE *mail; > > > char sendmail[512]; > > > sprintf(sendmail, "%s %s", SENDMAIL_PATH, RECIPIENT); > > > > use snprintf here, this is exactly the sort of code that some joker > > will try to do a buffer overflow on. > > Assuming RECPIENT is actually something that will be user > controllable, doesn't he need to worry about quoting RECIPIENT and > making sure it doesn't start with a dash? > > Does OpenBSD have a popen(3) replacement but with an exec(3)-like > interface instead of a system(3)-like one?
Not really, IIRC; using pipe() and exec() is the way to go... Joachim