On Fri, 24 Jul 1998, dave wrote:
->>char sys_string[1024];
->>...
->>bzero(sys_string,1024);
->>strcpy(sys_string,"slider 10 | fit_it -f ");
->>strcat(sys_string,fileName);
->>strcat(sys_string," -xmgr | xmgr-dynamic -source stdin&");
->>system(sys_string);
->>...
->
->Wouldn't the fact that you are building your string in a static buffer cause
->security probs?
->ie writing beyond the end.....of 1024,
The fact that you use a static buffer doesn't necessarily lead to buffer
overflow exploits. In the example above there's no user input affecting
the static buffer, so the security risk is not higher than that of writing after
the upper limit of a malloc-ed buffer.
->
->but then I'm not sure if:-
->
->char sys_string[1024];
->
->would be allocated on the stack anyway....
->
It will be in the example above.
Regards,
Marin
"Knowledge is not a crime. Some of its applications are..."
- Unknown hacker
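
An added example, not part of the original messages: the command from the thread built with a length check, so an over-long fileName is refused instead of being written past the end of the 1024-byte buffer. build_command and name_is_plain are hypothetical names, and the character allow-list is an assumption added because system() hands the string to the shell.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 1024  /* same size as sys_string in the thread */

/* Hypothetical helper (not from the thread): accept only characters that
 * have no special meaning to the shell that system() invokes. */
static int name_is_plain(const char *name)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._/-";
    if (name == NULL || name[0] == '\0' || name[0] == '-')
        return 0;  /* empty, or would be parsed as an option by fit_it */
    return strspn(name, ok) == strlen(name);
}

/* Build the pipeline from the thread into out[outsz].
 * Returns 0 on success, -1 if the name is rejected, -2 if it would not fit. */
int build_command(char *out, size_t outsz, const char *fileName)
{
    int n;
    if (out == NULL || outsz == 0)
        return -2;
    out[0] = '\0';
    if (!name_is_plain(fileName))
        return -1;
    n = snprintf(out, outsz,
                 "slider 10 | fit_it -f %s -xmgr | xmgr-dynamic -source stdin&",
                 fileName);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';  /* never hand a truncated command to system() */
        return -2;
    }
    return 0;
}

int main(void)
{
    char cmd[CMD_MAX];
    char longName[2000];  /* constructed input, longer than the buffer */
    memset(longName, 'a', sizeof longName - 1);
    longName[sizeof longName - 1] = '\0';

    printf("%d\n", build_command(cmd, sizeof cmd, "run1.dat"));     /* fits */
    printf("%d\n", build_command(cmd, sizeof cmd, longName));       /* too long */
    printf("%d\n", build_command(cmd, sizeof cmd, "my file.dat"));  /* rejected */
    return 0;
}
```

The caller passes cmd to system() only when build_command returns 0.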