[isf-wifidog] protecting the gateway status page
Wichert Akkerman
wichert at wiggy.net
Lun 28 Avr 10:02:47 EDT 2008
Previously acv wrote:
> Did you check the libhttpd authentication code? Libhttpd is full of
> fixed buffer horror code so before merging this in, this would have to be
> checked.
It uses fixed size buffers and checks buffer lengths for all operations,
so it is just as secure as the rest of it.
There does appear to be a generic problem with strncpy use throughout
api.c though: strncpy will not NUL-terminate a string if the source is
larger than the buffer. A too common error unfortunately, and one I
should have noticed before. I'll sort out a patch to fix that.
Has anyone tried running the gateway under valgrind?
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
Plus d'informations sur la liste de diffusion WiFiDog