httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: showstopper strcpy et. al. security on WIN32
Date Sat, 09 May 1998 15:04:36 GMT
Ben Hyde wrote:
> 
> > >  WIN32 1.3 FINAL RELEASE SHOWSTOPPERS:
> > >     * SECURITY: numerous uses of strcpy and strcat have potential
> > >         for buffer overflow, someone should rewrite or verify
> > >         they're safe
> > >
> > > Am I missing something?
> >
> > I'm talking about the stuff in os/win32.
> 
> Ah, duh...
> 
> Yes, readdir.c and util_win32.c both leak, and could probably
> uses some guards or at least some analysis.  - ben hyde

Sigh. OK, I've committed changes for util_win32.c. Someone should review
them, of course.

I'll take a look at readdir.c (but perhaps not today - its easily the
nicest day of the year so far today).

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache

Mime
View raw message