[15567] in bugtraq
Re: WuFTPD: Providing *remote* root since at least 1994
daemon@ATHENA.MIT.EDU (Hudin Lucian)
Fri Jun 30 17:02:26 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10006292303040.14573-100000@wild.transart.ro>
Date: Thu, 29 Jun 2000 23:30:25 +0300
Reply-To: Hudin Lucian <luci@WILD.TRANSART.RO>
From: Hudin Lucian <luci@WILD.TRANSART.RO>
X-To: Kenn Humborg <kenn@BLUETREE.IE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <NBBBIGEGHIGMPCNKHCECIEDADLAA.kenn@bluetree.ie>
Actually, many people blame sprintf usage as a potential source
of buffer overflow exploits, yet:
#include <stdio.h>
char buff[BUFSIZ];
/* precision BUFSIZ - 1, not BUFSIZ: the terminating NUL needs its own byte */
sprintf(buff, "%.*s", BUFSIZ - 1, "string");
avoids the overflow ... IMHO it's very easy to avoid buffer overflows when
writing critical programs just by keeping in mind the 5th of "the ten C
commandments", just in case you forgot it:
5. Thou shalt check the array bounds of all strings (indeed, all
arrays), for surely where thou typest "foo" someone someday shall type
"supercalifragilisticexpialidocious".
Regards, LucySoft
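The precision trick above is worth seeing with the off-by-one made visible. The following is an added example, not code from the original post: it puts a sentinel byte right after a 16-byte logical buffer (BUF stands in for BUFSIZ; the struct, the function names and the 34-character test string are all constructed for this illustration) and shows that a precision equal to the buffer size lets sprintf write BUF characters plus the NUL, one byte past the end, while BUF - 1 or snprintf stays in bounds. The backing array is one byte larger than the logical buffer so the stray write lands on a byte we own and can inspect instead of on whatever follows the buffer on the stack.

```c
#include <stdio.h>
#include <string.h>

#define BUF 16                 /* logical buffer size, stands in for BUFSIZ */
#define CANARY ((char)0xAA)    /* sentinel placed just past the logical buffer */

/* Hypothetical guarded buffer: BUF usable bytes plus one canary byte. */
typedef struct { char bytes[BUF + 1]; } guarded_t;

static guarded_t g;            /* shared scratch buffer for the variants below */
static int g_truncated;        /* set by copy_snprintf() */

/* Zero the buffer and arm the canary. */
static void arm(void) {
    memset(g.bytes, 0, sizeof g.bytes);
    g.bytes[BUF] = CANARY;
}

/* 1 if nothing was written past the logical buffer, 0 otherwise. */
static int canary_intact(void) {
    return g.bytes[BUF] == CANARY;
}

/* Variant 1: precision equal to the buffer size. For a long source this
   copies BUF characters and then writes the NUL at bytes[BUF]: the canary
   is overwritten, i.e. a one-byte overflow. */
int copy_precision_full(const char *src) {
    arm();
    sprintf(g.bytes, "%.*s", BUF, src);
    return canary_intact();
}

/* Variant 2: precision BUF - 1 leaves room for the terminating NUL. */
int copy_precision_minus_one(const char *src) {
    arm();
    sprintf(g.bytes, "%.*s", BUF - 1, src);
    return canary_intact();
}

/* Variant 3: snprintf bounds the whole output including the NUL, and its
   return value (the length that would have been written) tells the caller
   whether truncation happened, which the precision trick silently hides. */
int copy_snprintf(const char *src) {
    arm();
    int needed = snprintf(g.bytes, BUF, "%s", src);
    g_truncated = needed >= BUF;
    return canary_intact();
}

/* Accessors so callers can check the result of the last copy. */
int last_was_truncated(void) { return g_truncated; }
const char *last_copy(void) { return g.bytes; }

int main(void) {
    const char *longsrc = "supercalifragilisticexpialidocious"; /* 34 chars */
    printf("precision BUF     : canary %s\n",
           copy_precision_full(longsrc) ? "intact" : "CLOBBERED");
    printf("precision BUF - 1 : canary %s, result \"%s\"\n",
           copy_precision_minus_one(longsrc) ? "intact" : "CLOBBERED", last_copy());
    printf("snprintf          : canary %s, truncated=%d, result \"%s\"\n",
           copy_snprintf(longsrc) ? "intact" : "CLOBBERED",
           last_was_truncated(), last_copy());
    return 0;
}
```

Of the three, snprintf is the one to reach for: it needs no arithmetic on the size, it bounds the NUL as well as the characters, and it reports truncation so the caller can refuse the input rather than quietly keep a chopped string.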