[isf-wifidog] protecting the gateway status page

acv acv at miniguru.ca
Lun 28 Avr 10:18:33 EDT 2008

On Mon, Apr 28, 2008 at 04:02:47PM +0200, Wichert Akkerman wrote:
> It uses fixed size buffers and checks buffer lengths for all operations,
> so it is just as secure as the rest of it.
	I was worried that _httpd_decode() would make an off-by-one
while calculating the decoded size.

> There does appear to be a generic problem with strncpy use throughout
> api.c though: strncpy will not NUL-terminate a string if the source is
> larger than the buffer. A too common error unfortunately, and one I
> should have noticed before. I'll sort out a patch to fix that.

	If you think you'll get that done quickly, you could append it to
#463 so it's merged at the same time.

> Has anyone tried running the gateway under valgrind?

	Not that I'm aware.

-------------- section suivante --------------
Une pièce jointe non texte a été nettoyée...
Nom: non disponible
Type: application/pgp-signature
Taille: 187 octets
Desc: non disponible
Url: http://listes.ilesansfil.org/pipermail/wifidog/attachments/20080428/0f75c8c1/attachment.pgp 

Plus d'informations sur la liste de diffusion WiFiDog