Wichert Akkerman writes: > It might be much easier to just replace them with snprintf's.
That is what I meant when I said I know how to fix them. > Also check for things like strcpy()... I'd rather trace out the input string handling than just grep for dangerous functions. There isn't that much of it. The few strcpy's I found look safe, but I can think of ways to overrun a buffer without using any functions known to be dangerous. > ....insecure handling of files, etc. No files. What there is, however, is a password being sent in a udp packet. I haven't finished figuring out how he handles it, but it looks sniffable to me. -- John Hasler [EMAIL PROTECTED] (John Hasler) Dancing Horse Hill Elmwood, WI