[Freeciv-Dev] (PR#9643) wordwrap_string is insecure
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
<URL: http://rt.freeciv.org/Ticket/Display.html?id=9643 >
wordwrap_string takes a string and makes it longer. This is insecure
since it doesn't check the buffer length. For instance in helpdata.c we
just allocate a 64k buffer and assume it will never overflow. A
malicious person could easily make it overflow.
The solution, of course, is just to pass the bufsz to wordwrap_string.
jason
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Freeciv-Dev] (PR#9643) wordwrap_string is insecure,
Jason Short <=
|
|