On Tue, 2007-09-25 at 10:07 +0300, Kim B. Heino wrote: > Hello, > > Attached patch fixes httpd's authentication config parser in BusyBox > 1.7.1. With gcc/glibc the original code is the same as > "sprintf(p0,":%s",c);".
candidate for fixes-1.7.1? Without studying the entire source, it looks like its not checking the length of the string. There is not a potensial buffer overflow here right? -nc _______________________________________________ busybox mailing list busybox@busybox.net http://busybox.net/cgi-bin/mailman/listinfo/busybox