Hi,
I am a Ph.D. student at UIUC working with Professor Ralph Johnson. My
research interest is security and software architecture. At this point, I am
surveying existing software architecture for buffer overflow vulnerability
protection.
I need some help understanding the Licq codebase. In particular I have three
questions.
1. Does the C/C++ code use the string library functions (strcpy, strcat,
gets, etc.)?
2. Or does it use some sort of buffer bounds checking, either by rewriting
the string library, or checking before every buffer operation?
3. Is the bounds checking available from the first release, or has it been
included in a subsequent release? How did the development team go about
making this change in the code?
Any information would be greatly appreciated. Thanks in advance.
Munawar Hafiz
UIUC
https://netfiles.uiuc.edu/mhafiz/www/
_______________________________________________
Licq-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/licq-devel