subject:"Bug#451886\: fgets\(\) and poison NULL byte attacks \(aka NULL escapes\)"

Bug#451886: fgets() and poison NULL byte attacks (aka NULL escapes)

2007-11-19 Thread Pierre Habouzit

tag 451886 + wontfix thanks On Mon, Nov 19, 2007 at 05:16:29AM +, Andrew Buckeridge wrote: package: libc6 version: 2.3.6.ds1-13etch2 severity: wishlist Possible partial fix for fgets and alternatives. Bug #57729 is marked as done. It could be fixed for real. I have found null

Bug#451886: fgets() and poison NULL byte attacks (aka NULL escapes)

2007-11-18 Thread Andrew Buckeridge

package: libc6 version: 2.3.6.ds1-13etch2 severity: wishlist Possible partial fix for fgets and alternatives. Bug #57729 is marked as done. It could be fixed for real. I have found null escapes a pretty reliable way of breaking many C programs including various editors. The standard C stdio.h