John Galt wrote:
On Wed, 21 Nov 2001, Guillaume Morin wrote:
In a message of 20 Nov at 23:33, Anders Gjære wrote:
in gzip.c
the line:
strcpy(nbuf,dir);
should maybe be replaced with:
strncpy(nbuf, dir,sizeof(nbuf));
gzip runs with user privileges, therefore
On Wed, Nov 21, 2001 at 12:47:49AM -0600, Bryan Andersen wrote:
One thing I think is quite important is to get rid of calls to
routines that it is possible to buffer overflow. OpenBSD has a
feature in their version of gcc that will cause a compile time
error message telling you when one of
On Wed, Nov 21, 2001 at 08:29:09AM +0100, Sebastian Rittau wrote:
I hope strcpy() does not belong to this class. It's quite common to do
something like this:
int len = strlen(s);
char *new = (char *) malloc(len + 1);
strcpy(new, s);
This is perfectly fine.
Albeit silly; you mean
Andrew Suffield [EMAIL PROTECTED] writes:
Albeit silly; you mean strdup()
Unless you're restricted to C89.
--
Alan Shutko [EMAIL PROTECTED] - In a variety of flavors!
Style may not be the answer, but at least it's a workable alternative.
in gzip.c
the line:
strcpy(nbuf,dir);
should maybe be replaced with:
strncpy(nbuf, dir,sizeof(nbuf));
--_
anders gjære
system engineer
+47 414 22 934
In a message of 20 Nov at 23:33, Anders Gjære wrote:
in gzip.c
the line:
strcpy(nbuf,dir);
should maybe be replaced with:
strncpy(nbuf, dir,sizeof(nbuf));
gzip runs with user privileges, therefore this is not a security
problem.
--
Guillaume Morin [EMAIL PROTECTED]
Previously Guillaume Morin wrote:
gzip runs with user privileges, therefore this is not a security
problem.
But a fair amount of privileged programs do run gzip so it can be
a security problem.
Wichert.
On Wed, 21 Nov 2001, Guillaume Morin wrote:
In a message of 20 Nov at 23:33, Anders Gjære wrote:
in gzip.c
the line:
strcpy(nbuf,dir);
should maybe be replaced with:
strncpy(nbuf, dir,sizeof(nbuf));
gzip runs with user privileges, therefore this is not a security
On Tue, Nov 20, 2001 at 11:33:20PM +0100, Anders Gjære wrote:
in gzip.c
the line:
strcpy(nbuf,dir);
should maybe be replaced with:
strncpy(nbuf, dir,sizeof(nbuf));
The call to strcpy() may be replaced with a call to strncpy(), but there is
no problem in the call to strcpy().
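
An added example, not part of the thread and not gzip's code: it shows what strncpy(nbuf, dir, sizeof(nbuf)) leaves in the buffer when the source exactly fills it, next to a bounded copy that reports the overflow instead. The 8-byte buffer, the sample paths and the helpers strncpy_terminated() and copy_checked() are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if strncpy(dst, src, n) left a NUL terminator inside dst[0..n-1],
 * 0 if it filled all n bytes and left dst unterminated. */
int strncpy_terminated(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Hypothetical helper, not from gzip: copy src into dst[dstsize].
 * Returns 0 on success. Returns -1 and leaves dst empty if src does not
 * fit, so the caller can reject the name instead of using a truncated one. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminator too */
    return 0;
}

int main(void)
{
    char nbuf[8];                    /* constructed size, for illustration */
    const char *fits = "/tmp/ab";    /* 7 chars + NUL fits in 8 bytes */
    const char *exact = "/tmp/abc";  /* 8 chars: no room for the NUL */

    printf("strncpy, 7 chars: terminated=%d\n",
           strncpy_terminated(nbuf, sizeof(nbuf), fits));
    printf("strncpy, 8 chars: terminated=%d\n",
           strncpy_terminated(nbuf, sizeof(nbuf), exact));
    printf("copy_checked, 7 chars: %d\n",
           copy_checked(nbuf, sizeof(nbuf), fits));
    printf("copy_checked, 8 chars: %d\n",
           copy_checked(nbuf, sizeof(nbuf), exact));
    return 0;
}
```
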