[isf-wifidog] protecting the gateway status page

Wichert Akkerman wichert at wiggy.net
Lun 28 Avr 10:02:47 EDT 2008


Previously acv wrote:
> 	Did you check the libhttpd authentication code? Libhttpd is full of
> fixed buffer horror code so before merging this in, this would have to be
> checked.

It uses fixed size buffers and checks buffer lengths for all operations,
so it is just as secure as the rest of it.

There does appear to be a generic problem with strncpy use throughout
api.c though: strncpy will not NUL-terminate a string if the source is
larger than the buffer. A too common error unfortunately, and one I
should have noticed before. I'll sort out a patch to fix that.

Has anyone tried running the gateway under valgrind?

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.


Plus d'informations sur la liste de diffusion WiFiDog