Subject: Re: ftpd: the advisory version
From: Kragen Sitaker (kragen POBOX.COM)
Date: Thu Jun 29 2000 - 00:45:51 CDT
Someone writes:
> [Dan Harkless wrote:]
> > len should be a size_t (which is typedef'd to be some kind of unsigned
> > int), which would avoid the problem (without having to mess with
> > explicitly unsigned chars, which will cause warnings on platforms where
> > chars are signed, for one thing).
>
> suppose domain[0] == '\x80', then if domain is `signed char' then
> len is -128, and if it's cast to unsigned int when calling
> strncpy can be 2^(sizeof(int)*8-1)-1, so there you go :)
I was going to reply to Dan's post and say the same thing, but then I
realized that he didn't mean making len size_t or otherwise unsigned
would make the code handle >127-char strings; he meant that it would
return here:
    if (len >= 64)
        return;
And he's right. Making len be a size_t will prevent this bug from
becoming a buffer overflow. ;)
--
<kragenpobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08. Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either. :)
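
Added example, not part of the original message and not code from the ftpd being discussed: the same length byte '\x80' run through the `len >= 64` check with `int len` and with `size_t len`, followed by a hardened copy routine. The function names, the LABEL_BUF constant and the length-prefixed input layout are assumptions made for illustration.

```c
/* Added example, not code from the ftpd under discussion. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LABEL_BUF 64   /* assumed buffer size, from the quoted `len >= 64` check */

/* int len: returns 1 if the check rejects, 0 if it passes; *n is the count
   strncpy() would receive after conversion to size_t. */
int check_with_int(const signed char *domain, size_t *n)
{
    int len = domain[0];        /* '\x80' sign-extends to -128 */
    *n = (size_t)len;           /* becomes SIZE_MAX - 127 */
    return len >= LABEL_BUF;    /* -128 >= 64 is false: check bypassed */
}

/* size_t len: the same byte converts to a huge value before the check. */
int check_with_size_t(const signed char *domain, size_t *n)
{
    size_t len = (size_t)domain[0];
    *n = len;
    return len >= LABEL_BUF;    /* rejected, as Kragen describes */
}

/* Hardened copy: length byte read as unsigned char, checked against both
   the destination and the bytes actually available in the input. */
int copy_label(const char *domain, size_t avail, char out[LABEL_BUF])
{
    size_t len;
    if (avail == 0)
        return -1;
    len = (unsigned char)domain[0];
    if (len >= LABEL_BUF || len > avail - 1)
        return -1;
    memcpy(out, domain + 1, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    const signed char bad[] = { -128, 'a' };   /* constructed input */
    char out[LABEL_BUF];
    size_t n;
    printf("int len:    rejected=%d\n", check_with_int(bad, &n));
    printf("            strncpy count would be %zu\n", n);
    printf("size_t len: rejected=%d\n", check_with_size_t(bad, &n));
    printf("copy_label: %d\n", copy_label("\x03" "abc", 4, out));
    return 0;
}
```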