Re: 1-byte buffer overflows
From: Larry Jones
Subject: Re: 1-byte buffer overflows
Date: Sun, 8 Jul 2001 16:51:49 -0400 (EDT)
Pekka Savola writes:
>
> if the read data is too long, sscanf will read 16 bytes and append a
> terminating NULL, causing 1 byte of corrupted memory.
I've checked in a slightly different fix for this problem. Note that it
only occurs in the notoriously buggy PRESERVE_PERMISSIONS_SUPPORT code
that is disabled by default. Use it only at your own risk.
> For what it's worth, not using buffer boundary checks (sprintf, strcat,
> strcpy etc. instead of snprintf etc.) in the code is way bound for
> disaster sooner or later. If architectures lacking these are supported,
> I'd probably add a support library consisting of these functions as e.g.
> OpenSSH does.
Most of the code uses dynamic allocation to ensure that the buffer is
large enough. Using snprintf, particularly a third-party version, would
likely hurt performance for no real benefit.
-Larry Jones
These things just seem to happen. -- Calvin
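
The off-by-one reported in the quoted text, as an added example that is not part of the original message and is not the CVS code or the fix that was checked in. The 16-byte field size comes from the report; the function names, the guard byte and the sample inputs are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16  /* field size from the report */

/* Scan with "%16s" into a 16-byte field and return the byte that follows
 * the field. region[FIELD_LEN] stands in for the adjacent memory; it is
 * part of the array, so the demonstration itself stays well defined.
 * Returns -1 if nothing was scanned. */
int guard_after_width16_scan(const char *input)
{
    char region[FIELD_LEN + 1];
    memset(region, 'G', sizeof region);          /* 'G' marks untouched bytes */
    if (sscanf(input, "%16s", region) != 1)      /* 16 chars + '\0' = 17 bytes */
        return -1;
    return region[FIELD_LEN];
}

/* Bounded form: the width leaves room for the terminator, and %n is used
 * to detect a token that did not fit instead of silently truncating it.
 * Returns 0 on success, -1 if no token was found, -2 if it was too long. */
int scan_field(const char *input, char field[FIELD_LEN])
{
    int consumed = 0;
    if (sscanf(input, "%15s%n", field, &consumed) != 1)
        return -1;
    unsigned char next = (unsigned char)input[consumed];
    if (next != '\0' && !isspace(next))
        return -2;                               /* token continues past 15 chars */
    return 0;
}

int main(void)
{
    char field[FIELD_LEN];
    /* Constructed inputs: a short token and a 19-character token. */
    printf("guard, short input: %d\n", guard_after_width16_scan("short"));
    printf("guard, long input:  %d\n", guard_after_width16_scan("0123456789abcdefXYZ"));
    printf("bounded, 15 chars:  %d\n", scan_field("0123456789abcde", field));
    printf("bounded, 16 chars:  %d\n", scan_field("0123456789abcdef", field));
    return 0;
}
```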