Hi Michael,
Thank you for your bug report. I think you are correctly spotting a problem.
In fact, similar bugs were found in the past. Thank you very much for your
patch too, and for the hint to reproduce the bug. We will review it all in
detail for a future release fixing the problem.
Regards,

Hello,
I wanted to report a potentially exploitable issue within the cmd_pgnload()
and cmd_pgnreplay() functions in cmd.cc. In the loop between lines 482-485
in the former function, a specially crafted epdline could overrun the data
buffer located here:
char data[MAXSTR]="";
char