[isf-wifidog] protecting the gateway status page
wichert at wiggy.net
Mon Apr 28 10:26:04 EDT 2008
Previously acv wrote:
> On Mon, Apr 28, 2008 at 04:02:47PM +0200, Wichert Akkerman wrote:
> > It uses fixed size buffers and checks buffer lengths for all operations,
> > so it is just as secure as the rest of it.
> I was worried that _httpd_decode() would make an off-by-one
> while calculating the decoded size.
I'll admit to feeling a bit better if authBuf was one byte larger but
looking at the code the calculation appears to be correct.
> > There does appear to be a generic problem with strncpy use throughout
> > api.c though: strncpy will not NUL-terminate a string if the source is
> > larger than the buffer. A too common error unfortunately, and one I
> > should have noticed before. I'll sort out a patch to fix that.
> If you think you'll get that done quickly, you could append it to
> #463 so it's merged at the same time.
I saw this too late so I created a new ticket for it:
> > Has anyone tried running the gateway under valgrind?
> Not that I'm aware.
Something for my TODO list then :)
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
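
The strncpy behaviour discussed in the message above, as an added example that is not part of the original post and is not code from WiFiDog's api.c. The buffer size, function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* constructed size, not taken from api.c */

/* Returns 1 if buf[0..n-1] contains a NUL terminator, 0 otherwise. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Pattern from the thread: strncpy() copies at most n bytes and writes
 * no NUL when strlen(src) >= n. Returns whether the result is terminated. */
static int copy_with_strncpy(const char *src)
{
    char buf[FIELD_LEN];
    memset(buf, 'X', sizeof buf);          /* make stale bytes visible */
    strncpy(buf, src, sizeof buf);
    return is_terminated(buf, sizeof buf);
}

/* Hardened form: always terminates and reports truncation so the caller
 * can reject the input instead of silently using a shortened value.
 * Returns 0 on a full copy, 1 if truncated, -1 if n is 0. */
static int copy_terminated(char *dst, const char *src, size_t n)
{
    size_t len;
    if (n == 0)
        return -1;
    len = strlen(src);
    if (len >= n) {
        memcpy(dst, src, n - 1);
        dst[n - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);             /* includes the NUL */
    return 0;
}

int main(void)
{
    char buf[FIELD_LEN];
    const char *too_long = "much-too-long-value";   /* constructed input */

    printf("strncpy, short input terminated: %d\n", copy_with_strncpy("short"));
    printf("strncpy, long input terminated:  %d\n", copy_with_strncpy(too_long));
    printf("hardened copy truncated: %d, result \"%s\"\n",
           copy_terminated(buf, too_long, sizeof buf), buf);
    return 0;
}
```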