INN BUFFEROVERFLOWS!

Russ Allbery rra at stanford.edu
Tue Jan 16 23:14:53 UTC 2007


zybadawg333 at hushmail.com writes:

> Cool!

> If you feel like improving smaller issues like these, I find the way the
> code grabs format strings from the moderators file and that other place
> a little scary. Perhaps a simulation that concatenates stuff when it
> sees "%s" could be in order, instead of using snprintf() for real?

In general, INN isn't hardened against things that people can do in
configuration files, but yes, I think you're right.  That's bothered me
each time I looked at it too, since we really don't want to bring the full
power of printf to bear on those strings.  It makes it easy for people to
shoot themselves in the foot if for some reason they need to use % in an
e-mail address.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the inn-bugs mailing list