Bugtraq mailing list archives
Re: WuFTPD: Providing *remote* root since at least1994
From: luci () WILD TRANSART RO (Hudin Lucian)
Date: Thu, 29 Jun 2000 23:30:25 +0300
Actually many people blame sprintf usage as a potential source for buffer overflow exploits, yet : char buff[BUFSIZ]; sprintf(buff, "%.*s", BUFSIZ, "string"); avoids the overflow ... IMHO it's very easy to avoid buffer overflows when writing critical programs just by keeping in mind the 5th of "the ten C commandments", just in case you forgot it : 5. Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest "foo" someone someday shall type "supercalifragilisticexpialidocious". Regards, LucySoft
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
- Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
- SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Update to Integrity Protection Driver Available IPD (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
- Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
- Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)