bug-cvs

Re: 1-byte buffer overflows


From: Larry Jones
Subject: Re: 1-byte buffer overflows
Date: Sun, 8 Jul 2001 16:51:49 -0400 (EDT)

Pekka Savola writes:
> 
> if the read data is too long, sscanf will read 16 bytes and append a
> terminating NULL, causing 1 byte of corrupted memory.

I've checked in a slightly different fix for this problem.  Note that it
only occurs in the notoriously buggy PRESERVE_PERMISSIONS_SUPPORT code
that is disabled by default.  Use it only at your own risk.

> For what it's worth, not using buffer boundary checks (sprintf, strcat,
> strcpy etc. instead of snprintf etc.) in the code is way bound for
> disaster sooner or later.  If architectures lacking these are supported,
> I'd probably add a support library consisting of these functions as e.g.
> OpenSSH does.

Most of the code uses dynamic allocation to ensure that the buffer is
large enough.  Using snprintf, particularly a third-party version, would
likely hurt performance for no real benefit.

-Larry Jones

These things just seem to happen. -- Calvin
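
The off-by-one described in the quoted report, as an added example that is not part of the original message and is not CVS code: a `%16s` conversion stores up to 16 characters and then a terminator, so it needs 17 bytes. The function names, the guard byte and the sample input are constructed for illustration; the fix that was actually checked in is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define FIELD  16     /* size of the destination field, as in the report */
#define CANARY 0x5A   /* constructed guard value */

/* Both helpers scan into a FIELD-byte field followed by one guard byte.
 * The guard byte makes the stray write observable without undefined
 * behaviour; in real code that byte would belong to some other object.
 * Return: 1 = guard overwritten, 0 = guard intact, -1 = nothing parsed. */

/* Width equals the field size: 16 characters + terminator = 17 bytes. */
static int scan_width_equals_size(const char *input)
{
    char storage[FIELD + 1];
    memset(storage, CANARY, sizeof storage);
    if (sscanf(input, "%16s", storage) != 1)
        return -1;
    return (unsigned char)storage[FIELD] != CANARY;
}

/* Width is size - 1: at most 15 characters + terminator = 16 bytes. */
static int scan_width_leaves_room(const char *input)
{
    char storage[FIELD + 1];
    memset(storage, CANARY, sizeof storage);
    if (sscanf(input, "%15s", storage) != 1)
        return -1;
    return (unsigned char)storage[FIELD] != CANARY;
}

int main(void)
{
    const char *too_long = "0123456789abcdefXYZ";  /* constructed, 19 chars */

    printf("%%16s, long input : guard overwritten = %d\n",
           scan_width_equals_size(too_long));
    printf("%%16s, short input: guard overwritten = %d\n",
           scan_width_equals_size("short"));
    printf("%%15s, long input : guard overwritten = %d\n",
           scan_width_leaves_room(too_long));
    return 0;
}
```

The short-input case shows why the bug stays hidden until the data is at least as long as the field.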


