In article <19981201090542.A16443@crom.trimble.co.nz> you write:
>Buffer overflows were a problem back in some 1.x release - but they were
>fixed way back - could there be more?
When grepping for 'sprintf' I still find one occurance in lib/rfc1738.c,
none in src/*.c and lots of them in snmplib/*.c.
strcpy is still present in a lot of files, although at many places xstrncpy
is already used.
These are not the only two functions of course which can introduce buffer
overflows but replacing them with snprintf and strncpy everywhere would be a
good start I think...
Arjan
Received on Mon Nov 30 1998 - 15:53:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:25 MST