[isf-wifidog] protecting the gateway status page
acv
acv at miniguru.ca
Lun 28 Avr 10:18:33 EDT 2008
On Mon, Apr 28, 2008 at 04:02:47PM +0200, Wichert Akkerman wrote:
>
> It uses fixed size buffers and checks buffer lengths for all operations,
> so it is just as secure as the rest of it.
I was worried that _httpd_decode() would make an off-by-one
while calculating the decoded size.
> There does appear to be a generic problem with strncpy use throughout
> api.c though: strncpy will not NUL-terminate a string if the source is
> larger than the buffer. A too common error unfortunately, and one I
> should have noticed before. I'll sort out a patch to fix that.
If you think you'll get that done quickly, you could append it to
#463 so it's merged at the same time.
> Has anyone tried running the gateway under valgrind?
Not that I'm aware.
Alex
-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 187 octets
Desc: non disponible
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20080428/0f75c8c1/attachment.pgp
Plus d'informations sur la liste de diffusion WiFiDog