Re: Cross-site scripting

From: Robert Collins <robert.collins@dont-contact.us>
Date: Mon, 30 Oct 2000 20:09:49 +1100

Looks great to me... one question though

Why the extra snprintf? Is "#&%03d;", (int)char) not safe?

I thought it was things like xprintf(mychar*) that were problems.

Rob

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: <squid-dev@squid-cache.org>
Sent: Monday, October 30, 2000 11:04 AM
Subject: Re: Cross-site scripting

> Robert Collins wrote:
>
> > Sounds good to me. On a related note should an announcement be made on
> > bugtraq (or similar lists) about the patch & the new contact details -
> > once a patch is incorporated (and available for all "supported"
> > versions?)
>
> The patch on SourceForge has now passed all my acceptance testing.
>
> * No apparent use of unsafe functions
> * Verified that use of less apparent unsafe functions is indeed safe
> with no buffer overflows
> * Verified that the quoting gets correctly done.
> * Most (all?) issues in FTP fixed
> * Most (all?) issues in Gopher fixed
> * More fancy output ;-)
>
> /Henrik
>
>
Received on Mon Oct 30 2000 - 02:04:46 MST
