> hi, > dbadmin.c: strcpy(op_temp,curField->name); > dbadmin.c: strcat(rec_new,curField->name); both op_temp and rec_new are malloc()'d so they are safe enough. dbadmin still looks exploitable however from: strcat(qbuf,thetable); qbuf is not malloc'd but is a global variable. -- Mark
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:08 PDT