"Sergio" == Sergio Cuéllar Valdés <[EMAIL PROTECTED]> writes:
Sergio> sprintf(message, "/usr/local/bin/say -s 4 -a \"%s\"", buffer);
Note that this is a classic security problem since both message and
buffer are exactly the same size (BUFSIZE == 1024). Use snprintf or
otherwise validate t
Yep, thats a good point, that I havent realized. The security stuff is
very very important.
I have to change the code to be able to manage this problems. This is
the next step.
Thanks for your advice ;-)
Sergio Cuellar Valdes
On Fri, 14 Jan 2005 03:58:44 +, Steve Kemp <[EMAIL PROTECTED]> w
On Thu, Jan 13, 2005 at 09:41:29PM -0600, Sergio Cu?llar Vald?s wrote:
> Marc, thanks that was the problem !!!
>
> sprintf(message, "say -s 4 -a \"%s\"", buffer); < this was the big
> big big mistake
It certainly was.
> I added the hole path to the instructions:
>
> sprintf(message, "/usr/lo
Marc, thanks that was the problem !!!
sprintf(message, "say -s 4 -a \"%s\"", buffer); < this was the big
big big mistake
I added the hole path to the instructions:
sprintf(message, "/usr/local/bin/say -s 4 -a \"%s\"", buffer);
Thanks to all of you who helped me !! :-)
Sincerely,
Sergio Cuéll
4 matches
Mail list logo
