[xml] security issues



Hello All
I am doing a security audit on gnome-xml.
I saw a buffer overflow in xmllint.c in xmlHTMLPrintFileInfo(). There is a sprintf() function which copies
the filename to a buffer of 50,000.
Since the filename can be a non-local URI, this can turn out to be a vulnerability.

Also, in nanoftp.c in xmlNanoFTPInit() there is a getenv() call to the environment variable
"ftp_proxy_password" from where the proxy password is obtained.
Can this be a security issue?
Also, the library depends on environment variables to get HTTP and FTP proxy URLs. Can these turn out to be
security concerns?

Expecting your valuable feedback

Regards
Anju
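
The sprintf() concern raised in the message above, shown as an added example that is not part of the original post and is not libxml2's code: a length-checked append using snprintf() that rejects a filename too long for the remaining buffer space instead of writing past it. The function name `append_file_info`, the output format and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libxml2 code): append "<filename>:<line>: " to the
 * NUL-terminated string already held in buf, never writing past buf[cap - 1].
 * Returns 0 on success, -1 if the text does not fit; on failure buf keeps
 * its previous contents. */
static int append_file_info(char *buf, size_t cap, const char *filename, int line)
{
    /* Locate the current terminator without reading beyond cap bytes. */
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL)
        return -1;                      /* buf is not a valid string */

    size_t used = (size_t)(end - buf);
    size_t room = cap - used;           /* always >= 1, space for the NUL */

    /* snprintf returns the length it wanted to write, so truncation is
     * detectable, unlike sprintf which just keeps writing. */
    int n = snprintf(buf + used, room, "%s:%d: ",
                     filename != NULL ? filename : "(unknown)", line);
    if (n < 0 || (size_t)n >= room) {
        buf[used] = '\0';               /* roll back the partial write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[32] = "<p>";
    char uri[256];

    /* Constructed input: stand-in for an over-long remote URI. */
    memset(uri, 'A', sizeof(uri) - 1);
    uri[sizeof(uri) - 1] = '\0';

    if (append_file_info(small, sizeof(small), uri, 7) != 0)
        puts("rejected: file info would overflow the buffer");
    if (append_file_info(small, sizeof(small), "doc.xml", 12) == 0)
        puts(small);
    return 0;
}
```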

