On 9/9/06, Matthew R. Dempsky <[EMAIL PROTECTED]> wrote:
On Sat, Sep 09, 2006 at 09:50:16AM -0400, Woodchuck wrote:
> >       FILE *mail;
> >       char sendmail[512];
> >               sprintf(sendmail, "%s %s", SENDMAIL_PATH, RECIPIENT);
>
> use snprintf here, this is exactly the sort of code that some joker
> will try to do a buffer overflow on.

Assuming RECIPIENT is actually something that will be user
controllable, doesn't he need to worry about quoting RECIPIENT and
making sure it doesn't start with a dash?

Does OpenBSD have a popen(3) replacement but with an exec(3)-like
interface instead of a system(3)-like one?




--
Stefan
