On Fri, Jun 25, 2010 at 5:17 PM, Nobody <nob...@nowhere.com> wrote:

> To be fair, it isn't actually limited to web developers. I've seen the
> following in scientific code written in C (or, more likely, ported to C
> from Fortran) for Unix:
>
>     sprintf(buff, "rm -f %s", filename);
>     system(buff);
Tsk, tsk. And it's so easy to fix, too:

    #define BUFSIZE 1000000
    char buff[BUFSIZE];
    if (snprintf(buff, BUFSIZE, "rm -f %s", filename) >= BUFSIZE) {
        printf("No buffer overflow for you!\n");
    } else {
        system(buff);
    }

There, that's much more secure.

--
http://mail.python.org/mailman/listinfo/python-list
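The snprintf version above closes the buffer overflow but still hands the filename to a shell, so any shell-significant byte in the name is interpreted rather than treated as part of the name. The fix is to not involve a shell at all. Added example, not code from either poster: `remove_file` calls unlink(2) directly (emulating `rm -f` by treating a missing file as success), and `has_shell_metachar` is a review-time check that flags names the original `rm -f %s` pattern would have mangled. The file name and the /tmp path are constructed for the demo.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Detection aid, not a sanitizer: returns 1 if the name contains any byte
   the shell would interpret when pasted unquoted into "rm -f %s". */
int has_shell_metachar(const char *name)
{
    return strpbrk(name, ";|&$`\"'\\<>()*?[]{}~ \t\n") != NULL;
}

/* Hardened replacement for sprintf+system: no shell, every byte of the
   name is taken literally. Returns 0 on success or if the file was
   already absent (the "-f" semantics), -1 on any other error. */
int remove_file(const char *name)
{
    if (unlink(name) == 0)
        return 0;
    return errno == ENOENT ? 0 : -1;
}

/* Constructed demo: a realistic name with a space and parentheses, which
   the shell pipeline would split and misparse. Creates the file, removes
   it through unlink(), and returns 0 only if it is really gone. */
int demo(void)
{
    const char *name = "/tmp/report (final).txt";   /* constructed path */
    FILE *f = fopen(name, "w");
    if (f == NULL)
        return -1;
    fclose(f);
    if (remove_file(name) != 0)
        return -1;
    return access(name, F_OK) == -1 ? 0 : -1;
}

int main(void)
{
    printf("shell would misparse name: %d\n", has_shell_metachar("report (final).txt"));
    printf("demo result: %d\n", demo());
    return 0;
}
```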