Author: David Eppstein
Date: 19:39:30 09/26/99
I wrote:

>>In two messages in the same thread you are saying you want to avoid sloppy
>>unsafe programming practices, and also saying you want to use sprintf???
>>
>>(Hint: it has no protection against buffer overflows.)

To which Robert Hyatt replied:

>I don't need protection against buffer overflows. I code for that circumstance
>up front. :)

You do? There were 165 sprintfs in crafty 16.13 (the latest one I have available for easy grepping right now). Of those, 67 of those have a %s in the pattern. Are you sure the string in the %s is always shorter than the buffer? The very first ones I checked, in BookUp() in book.c, have a 64-character buffer (fname) being printed into with a %s from a 128-character string (book_path). Are you still sure you don't need protection?

If crafty were a standalone program, maybe this wouldn't be a big problem; after all, who cares if screwy input causes a freeware program to crash. But wouldn't you be embarrassed if this led to a security compromise against all the kiddies running crafty on the servers?
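The size mismatch described in the post above, as an added example that is not part of the original post and is not Crafty's code. The buffer sizes (64 and 128) come from the post; the format string `"%s/%s"`, the file name `book.bin` and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FNAME_SIZE     64   /* size of fname, per the post */
#define BOOK_PATH_SIZE 128  /* size of book_path, per the post */

/* Unbounded pattern: sprintf writes however many bytes the expanded
 * format needs and knows nothing about the size of dst.
 * Shown for comparison only; never called in this example. */
void build_name_unbounded(char *dst, const char *book_path, const char *file) {
    sprintf(dst, "%s/%s", book_path, file);
}

/* Bounded pattern: snprintf never writes more than dst_size bytes and
 * returns the length the full result would have had, so truncation is
 * detectable. Returns 0 on success, -1 if the name does not fit. */
int build_name_checked(char *dst, size_t dst_size,
                       const char *book_path, const char *file) {
    int n = snprintf(dst, dst_size, "%s/%s", book_path, file);
    if (n < 0 || (size_t)n >= dst_size) {
        if (dst_size > 0) dst[0] = '\0';  /* do not leave a truncated path */
        return -1;
    }
    return 0;
}

/* Bytes required for the full name, including the terminating NUL. */
size_t bytes_needed(const char *book_path, const char *file) {
    int n = snprintf(NULL, 0, "%s/%s", book_path, file);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Constructed input: a book_path of `len` characters (len < 128) printed
 * into a 64-byte fname together with the assumed file name. */
int try_path_of_length(size_t len) {
    char book_path[BOOK_PATH_SIZE];
    char fname[FNAME_SIZE];
    if (len >= sizeof book_path) return -1;
    memset(book_path, 'a', len);
    book_path[len] = '\0';
    return build_name_checked(fname, sizeof fname, book_path, "book.bin");
}

int main(void) {
    size_t lens[] = { 10, 54, 55, 127 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("book_path length %3zu -> %s\n", lens[i],
               try_path_of_length(lens[i]) == 0 ? "fits" : "rejected");
    return 0;
}
```

With these assumed names, any book_path longer than 54 characters no longer fits in the 64-byte fname, although the 128-byte book_path can legally hold up to 127.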
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.