Re: Buffer overflows with s(n)printf ()
- From: Gus Koppel <gtk spamkiller bytechase cx>
- To: gtk-app-devel-list gnome org
- Subject: Re: Buffer overflows with s(n)printf ()
- Date: Fri, 24 Oct 2003 12:30:19 +0200
Gus Koppel wrote:
> See
> http://www-106.ibm.com/developerworks/security/library/s-buffer-defend.html
> for a rather detailed list and explanation of what and why not to use
> and possibly what to use instead.
>
> In short: if you encounter ANY of those functions listed in your
> program then it's inherently unsafe and buffer-overflow-prone.

Clarification: by "ANY of those functions listed" I was referring to the
first list under "Major snares in C programming" only.
Another source for information about this issue is
http://www.linuxsecurity.com/docs/LDP/Secure-Programs-HOWTO/buffer-overflow.html
Hope this isn't considered too off-topic by some people ;-)