Complete.Org: Mailing Lists: Archives: freeciv-dev: August 2004:
[Freeciv-Dev] (PR#9643) wordwrap_string is insecure

[Freeciv-Dev] (PR#9643) wordwrap_string is insecure

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	undisclosed-recipients: ;
Subject:	[Freeciv-Dev] (PR#9643) wordwrap_string is insecure
From:	"Jason Short" <jdorje@xxxxxxxxxxxxxxxxxxxxx>
Date:	Sun, 8 Aug 2004 23:38:32 -0700
Reply-to:	rt@xxxxxxxxxxx

<URL: http://rt.freeciv.org/Ticket/Display.html?id=9643 >

wordwrap_string takes a string and makes it longer.  This is insecure 
since it doesn't check the buffer length.  For instance in helpdata.c we 
just allocate a 64k buffer and assume it will never overflow.  A 
malicious person could easily make it overflow.

The solution, of course, is just to pass the bufsz to wordwrap_string.

jason

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] (PR#9643) wordwrap_string is insecure, Jason Short <=

Prev by Date: [Freeciv-Dev] Re: (PR#9640) RfP: help_items_iterate isn't reentrant
Next by Date: [Freeciv-Dev] Re: (PR#9596) Better nation selection
Previous by thread: [Freeciv-Dev] Re: (PR#9640) RfP: help_items_iterate isn't reentrant
Next by thread: [Freeciv-Dev] (PR#9644) remove global long_buffer
Index(es):
- Date
- Thread