/ 2003-09-05 16:47:30 +0200 \ Frank Lichtenheld:
> Hi.
>
> I recently adopted the magpie package (It reads in Packages files and
> produces HTML output)
>
> It was un/undermaintained a long time and has no separate upstream.
> While looking in the code to fix some outstanding bugs I found
> several code pieces like
>
>   char path[256];
>   sprintf( path, "some string/%s", packagename);
>
> There are no further checks as I can see. I'm not very experienced in C
> programming and don't know much about the details of exploiting buffer
> overflows or the like...
>
> Is such code (away from the fact that it can easily lead to segfaults) a
> security problem?
imho, yes.
that's why there is the

  int snprintf(char *str, size_t size, const char *format, ...);
                          ^      ^^^^^^^^^^

counterpart.

Lars Ellenberg

--
pls sign http://petition.eurolinux.org
against software patents in Europe!
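A worked version of the point Lars makes, added here as an example; it is not code from the thread and not magpie's code. It keeps the 256-byte buffer and the "some string/%s" format from Frank's snippet, replaces sprintf with snprintf, and adds the one check snprintf does not do for you: C99 snprintf returns the length the full string would have had, so a return value >= the buffer size means the output was silently truncated (a truncated path is a different bug, but not an overflow). The function names build_path and path_len_for are my own.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the original thread or from magpie.
 * Builds "some string/<packagename>" into a caller-supplied buffer of
 * outsz bytes. Returns 0 on success and -1 if the result would not fit
 * (the buffer then holds a truncated, NUL-terminated string, never an
 * overflow). Pre-C99 snprintf implementations may return -1 on
 * truncation instead, which the n < 0 test also catches. */
int build_path(char *out, size_t outsz, const char *packagename)
{
    if (out == NULL || outsz == 0 || packagename == NULL)
        return -1;

    int n = snprintf(out, outsz, "some string/%s", packagename);
    if (n < 0 || (size_t)n >= outsz)
        return -1;           /* error or truncated: do not use as a path */
    return 0;
}

/* Same 256-byte stack buffer as the quoted code. Returns the length of
 * the built path, or -1 if the package name does not fit. */
int path_len_for(const char *packagename)
{
    char path[256];
    if (build_path(path, sizeof path, packagename) != 0)
        return -1;
    return (int)strlen(path);
}

int main(void)
{
    /* Constructed inputs: a normal package name and an oversized one. */
    char big[300];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("libc6 -> %d\n", path_len_for("libc6"));   /* 17 */
    printf("299 x 'A' -> %d\n", path_len_for(big));   /* -1, rejected */
    return 0;
}
```

The contrast with the original snippet is that a package name longer than about 243 bytes now yields -1 from build_path instead of writing past the end of path; the caller still has to act on that return value, which is the part snprintf alone does not provide.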