Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: at the risk of another flamefest..

at the risk of another flamefest..

From: *Hobbit* <hobbit_at_avian.org>
Date: Mon, 15 Jul 1996 00:36:49 -0400

This one triggered my "old classic" filter. Your patch has

- char buf[256];
+ char *buf=alloca(strlen(name)+50);

and five lines later, the original code fragment

for (cp = name; *cp; )
n += *cp++;

Is this a family of mistakes that male programmers constantly make?? It's
doesn't matter how big your buffer is, it's how you USE it -- i.e. how you
limit what can be stuffed INTO it. Essentially unbounded processing of this
sort over areas that may not necessarily be conveniently zero-filled or
pre-terminated for you is one reason we have so many of these BUGS...

Maintaining perspective,

_H*
Received on Jul 15 1996

This message: [ Message body ]
Next message: Matthew G. Harrigan: "hpux 10.0 remote administration"
Previous message: Brian Tao: "Re: rdist exploit [bsdi]"
In reply to: Andrew N. Edmond: "Re: rdist exploit [bsdi]"
Next in thread: David Stagner: "Re: at the risk of another flamefest.."
Reply: David Stagner: "Re: at the risk of another flamefest.."
Maybe reply: Peter Jeremy: "Re: at the risk of another flamefest.."
Maybe reply: Eugene Bradley: "Re: at the risk of another flamefest.."
Maybe reply: Eugene Bradley: "Re: at the risk of another flamefest.."
Maybe reply: Mike Neuman: "Re: at the risk of another flamefest.."
Maybe reply: Eugene Bradley: "Re: at the risk of another flamefest.."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]