Complete.Org: Mailing Lists: Archives: freeciv-dev: August 2004:
[Freeciv-Dev] (PR#9643) wordwrap_string is insecure

To: undisclosed-recipients: ;
Subject: [Freeciv-Dev] (PR#9643) wordwrap_string is insecure
From: "Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 8 Aug 2004 23:38:32 -0700
Reply-to: rt@xxxxxxxxxxx

<URL: http://rt.freeciv.org/Ticket/Display.html?id=9643 >

wordwrap_string takes a string and makes it longer.  This is insecure 
since it doesn't check the buffer length.  For instance in helpdata.c we 
just allocate a 64k buffer and assume it will never overflow.  A 
malicious person could easily make it overflow.

The solution, of course, is just to pass the bufsz to wordwrap_string.

jason
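
One way to do what the message proposes, passing the buffer size into the wrap routine, as an added example that is not Freeciv's code and not part of the original post. The name `wordwrap_bounded`, its `width` parameter and the wrapping rules are hypothetical, chosen so that the string can grow and the bounds check matters.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded word wrap; not Freeciv's wordwrap_string().
 * Wraps s in place to `width` columns. A space becomes a newline where
 * possible; a word longer than `width` gets a newline inserted, which
 * grows the string, so each insertion is checked against bufsz (the
 * full size of the buffer holding s). Returns 0 on success, -1 if the
 * result would not fit; s always stays NUL-terminated inside bufsz. */
int wordwrap_bounded(char *s, size_t bufsz, size_t width)
{
  size_t len, i, brk, limit, line_start = 0;
  const char *nul;

  if (s == NULL || width == 0 || !(nul = memchr(s, '\0', bufsz))) {
    return -1;                  /* bad args or no terminator in bufsz */
  }
  len = (size_t)(nul - s);
  while (len - line_start > width) {
    limit = line_start + width; /* index just past a full line; < len */
    brk = len;                  /* sentinel: no break point found yet */
    for (i = line_start; i <= limit && brk == len; i++) {
      if (s[i] == '\n') {
        brk = i;                /* line already ends early enough */
      }
    }
    for (i = limit + 1; brk == len && i-- > line_start; ) {
      if (s[i] == ' ') {
        s[brk = i] = '\n';      /* no growth: reuse the space */
      }
    }
    if (brk == len) {           /* overlong word: must insert a byte */
      if (len + 2 > bufsz) {
        return -1;              /* newline + NUL would overflow */
      }
      memmove(s + limit + 1, s + limit, len - limit + 1);
      s[brk = limit] = '\n';
      len++;
    }
    line_start = brk + 1;
  }
  return 0;
}

int main(void)
{
  char buf[12] = "abcdefghij";  /* constructed sample input */
  int rc = wordwrap_bounded(buf, sizeof(buf), 4);
  printf("rc=%d text=\"%s\"\n", rc, buf);
  return 0;
}
```

A caller with a fixed buffer, such as the 64k one mentioned for helpdata.c, would pass `sizeof(buf)` and treat a -1 return as truncated or rejected input.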



