INN BUFFEROVERFLOWS!
zybadawg333 at hushmail.com
zybadawg333 at hushmail.com
Tue Jan 16 23:11:20 UTC 2007
>I'll get these fixed in Subversion right away. Because it's dead
>code, I
>don't think it's a real security issue, but this sort of thing
>shouldn't
>be sitting around even in dead code.
Cool!
If you feel like improving smaller issues like these, I find the
way the code grabs format strings from the moderators file and that
other place a little scary. Perhaps a simulation that concatenates
stuff when it sees "%s" could be in order, instead of using
snprintf() for real?
-- z
Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480
Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485
More information about the inn-bugs
mailing list