In the mansour-gashabi-patch branch of libcdio are some small changes to the code to reduce some weaknesses in the libcdio code base.

I'd appreciate it if folks would review these changes. If you have problems seeing the differences, just let me know. If there is no comment or concern raised about these, then after about a week, I will merge this into master.

Attached is a more detailed report that Mansour Gashabi produced in scanning the code for weaknesses.

Thanks.

- Rocky

On Thu, Apr 4, 2024 at 6:51 PM Rocky Bernstein <ro...@gnu.org> wrote:

> I just received a report about a place in libiso9660
> <https://git.savannah.gnu.org/cgit/libcdio.git/tree/lib/iso9660/iso9660_fs.c#n814>
> where we use strcpy() instead of strncpy().
>
> If someone has a suggestion for how to fix, please let me know. I can send
> a more detailed report for those interested. Just email me.

ALERT.pdf
Description: Adobe PDF document