> void main(int argc, char **argv) > { > char OutString[100]; > // extract x & y from passed values > strcpy(OutString, argv[1]); > > This overflow can be avoided if you put the following code before > strcpy(). > > if (strlen(argv[1])>99) exit(0); While a tiny bounds check is usually important, IMHO it is more important to notice the coding style. The tiny snippet above tells me that the author of the original code doesn't have much of a clue. I don't mean just in regards to static buffer sizes, but also in regards to effeciency, memory utilization, or possibly even programming in C. Why didn't they use "char *outstring = argv[1];"? What do they do with Outstring, just pass it to atoi() to extract x? Or, perhaps, they even wrote their own version of atoi() with it's own errors. This code snippet has "I just learned C" all over it. I wouldn't be surprised if the original author didn't make dozens of similar mistakes. This is damning not only to this particular program, but also reflects on the quality and care that went into "OmniHTTPd 1.01 and Pro2.04". I don't know what those programs are, but if they were commercial packages, this could be a warning as to the possibility of their own weaknesses. The willingness of an author to ship such obviously broken code shows a distinct lack of professionalism. It's obvious they don't code review, which probably means they couldn't have done a security review. I'm not trying to pick on one program or author, but this is indicative of the state of software in general. This leads to one of the (usually) ignored keystones of that which, of late, has aquired the name "open source software". Having source doesn't just let you fix or extend software upon which you depend. Seeing the source code of a program can give valuable insight about the quality and skill that went into it's development. Shunning code and products from sources of low quality can help stem the tide of bugs, especially those that result in security vulnerabilities. John
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:34 PDT