On 9/22/06, Sharninder <[EMAIL PROTECTED]> wrote:
> > # make
> > cc -c sleezeball.c
> > sleezeball.c:79: warning: conflicting types for built-in function `log'
> > cc -o sleezeball sleezeball.o
> > sleezeball.o(.text+0xd0): In function `log':
> > : warning: vsprintf() is often misused, please use vsnprintf()
> > sleezeball.o(.text+0x5d): In function `get_date':
> > : warning: strcpy() is almost always misused, please use strlcpy()
> > # cd /usr/ports/
> > # make search name=sleezeball
> > #
> > ========================================================================
> >
> > Are these warnings ok? Is it really bad security to use this Software?
> >
>
> strcpy and friends are known to be prone to buffer overflow and other
> such vulnerabilities. Security experts therefore advise using variants
> like strlcpy and friends. OpenBSD, being more security conscious,
> probably has these warnings enabled by default and that is why you're
> getting them while issuing a simple make.
>

Thank you so much Sharninder for your reply :-)
So is there some technique to mass convert all strcpy() in code to strlcpy()?

Kind Regards
Siju
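Added example, not part of the original thread and not sleezeball's own code: bounded forms of the two patterns the linker warned about (a `strcpy()` in a date helper, a `vsprintf()` in a logger), showing that each call site needs the destination size passed in and a truncation check. The names `copy_bounded`, `get_date_bounded` and `log_bounded` are hypothetical; `copy_bounded` is a stand-in with `strlcpy()` semantics so the code also builds where libc has no `strlcpy()`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in with strlcpy() semantics: copies at most dstsize-1 bytes,
 * always NUL-terminates when dstsize > 0, and returns strlen(src) so
 * the caller can detect truncation. */
static size_t copy_bounded(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hypothetical date helper. The size is a parameter because inside the
 * function sizeof(dst) would be the size of a pointer, not the buffer. */
static int get_date_bounded(char *dst, size_t dstsize, const char *stamp)
{
    return copy_bounded(dst, stamp, dstsize) < dstsize ? 0 : -1;
}

/* Hypothetical logger formatting into a fixed buffer with vsnprintf(). */
static int log_bounded(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    /* n is the length that was needed; n >= dstsize means truncated. */
    return (n >= 0 && (size_t)n < dstsize) ? 0 : -1;
}

int main(void)
{
    char date[11], line[16];
    int rc;
    /* Constructed inputs: one that fits and one that is too long. */
    rc = get_date_bounded(date, sizeof date, "2006-09-22");
    printf("%d [%s]\n", rc, date);
    rc = get_date_bounded(date, sizeof date, "Fri Sep 22 2006");
    printf("%d [%s]\n", rc, date);
    rc = log_bounded(line, sizeof line, "user=%s", "siju");
    printf("%d [%s]\n", rc, line);
    rc = log_bounded(line, sizeof line, "user=%s", "a-very-long-user-name");
    printf("%d [%s]\n", rc, line);
    return 0;
}
```

A return of -1 means the output was cut to fit the buffer; the caller decides whether a truncated date or log line is acceptable or an error.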
