-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Buffer overflow in client_error #9
Comments
nezza
changed the title
Dangerous use of sprintf, strcpy & strncpy.
Buffer overflow in client_error
Jul 25, 2014
Should be using nprintf() |
MagicalTux
pushed a commit
to MagicalTux/nope.c
that referenced
this issue
Jul 25, 2014
And how is nprintf more secure? |
nprintf() dynamically allocates buffer space to fit the whole string and will not overflow the buffer. |
nprintf() NOW dynamically allocates buffer space. As you know. Because you fixed it. #14 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After having a quick look at the code I think you should put a big warning on the README that this code is not at all ready for anything that listens on a public port. Besides the stack overflow that was already reported by MagicalTux there's also this code which will cause a bufferoverflow if msg & longmsg are too long:
Pretty sure this is not the only problem remaining.
The text was updated successfully, but these errors were encountered: