httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bh...@gensym.com (Ben Hyde)
Subject Re: showstopper strcpy et. al. security on WIN32
Date Thu, 07 May 1998 00:51:48 GMT

> >  WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
> >     * SECURITY: numerous uses of strcpy and strcat have potential
> >         for buffer overflow, someone should rewrite or verify
> >         they're safe
> > 
> > Am I missing something?
> 
> I'm talking about the stuff in os/win32.

Ah, duh...

Yes, readdir.c and util_win32.c both leak, and could probably
uses some guards or at least some analysis.  - ben hyde

Mime
View raw message