|
| From: | Steven Abner |
| Subject: | strftime() possible security/crash risk |
| Date: | Sun, 12 Jun 2011 19:53:38 -0400 |
| Hi, me again. Still testing against your code, currently flag and bounds testing, and came across a possible risk?. Here's how to duplicate: char buf2[64]; //use your struct and localtime to generate valid ltm ret = strftime(buf2, 64, "%21V%21w%21G+", <m); printf("%s\n", buf2); The buf2 is not terminated allowing access to data beyond the buf2. This was a test so I didn't set up for if (ret != 0) printf(), got a screenful! It is even possible its a port issue? Not sure if you find this worthy of even reporting, but silly me! Steve |
| [Prev in Thread] | Current Thread | [Next in Thread] |