> const char *wname) { > + int rc = JK_TRUE; > + char buf[1024]; > + if (m && wname) { > + int value; > + sprintf(buf, "%s.%s.%s", PREFIX_OF_WORKER, wname, STICKY_SESSION);
Seeing that checkin I got curious and I had a look at the code. I saw that this sprintf is used a lot in that way. Was wondering if there was a way to pass some parameters to overflow the buffer. Especially if the name comes from a property read from a file. I didn't see any special protection checking the length of the parameters, wname in that case. Am I wrong? J. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>