On Sun, 2002-12-01 at 19:19, Erik de Castro Lopo wrote:
> Hi all,
>
> At Friday night's meeting I said that I had been looking at the
> Ecartis Mailing List Manager
>
> http://www.ecartis.org/
>
> and had found some potentially dangerous uses of the standard C
> sscanf() function using FlawFinder:
>
> http://www.dwheeler.com/flawfinder/
>
> I have now reviewed the situation more carefully and found that
> the Ecartis use of sscanf() is in fact safe even though FlawFinder
> flags it as a potential problem.

<snipped>

> So is this safe? Well,
>
> 1) fgets() is guaranteed to zero terminate the buffer and will not
> overflow if the buffer size has been correctly specified.
> 2) sizeof (buffer1) == sizeof (buffer2), so the sscanf is also
> guaranteed to avoid overflowing its destination buffer.
Great, so as long as

1) No-one changes the uncommented declarations of buffer1 and buffer2 so
that they are different sizes.
2) No-one changes the fgets call to something else "to make it more
modular", etc.

then everything will be fine?

Seems to me that these are _potentially_ dangerous uses of sscanf, but
that could just be me.

Cheers,
Malcolm V.

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
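The fgets()/sscanf() pattern the two posts above argue about, as an added example that is not Ecartis code and not from either poster. The buffer sizes, type names and function names (LINE_SIZE, WORD_SIZE, parse_word_as_in_thread, parse_word_bounded) are assumptions standing in for buffer1/buffer2. It shows the pattern as Erik describes it, a compile-time check that fails the build if the two buffer sizes ever diverge (Malcolm's first worry), and a hardened version that derives the sscanf() field width from the destination size so the call stays bounded even if the fgets() is replaced (his second worry).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer sizes standing in for buffer1/buffer2 in the thread.
 * The list's safety argument rests entirely on these two being equal. */
#define LINE_SIZE 128
#define WORD_SIZE 128

typedef char line_buf[LINE_SIZE];
typedef char word_buf[WORD_SIZE];

/* Compile-time guard for the invariant sizeof(buffer1) == sizeof(buffer2):
 * if someone changes one declaration without the other, this array gets a
 * negative size and the build fails, instead of the "%s" below silently
 * turning into an overflow. */
typedef char buffers_must_match[(sizeof(line_buf) == sizeof(word_buf)) ? 1 : -1];

/* The pattern as described on the list: fgets() into a line buffer, then an
 * unbounded "%s" sscanf() into a word buffer of the same size.
 * Returns 1 if a word was parsed, 0 on EOF or an empty line. */
int parse_word_as_in_thread(FILE *in, word_buf word)
{
    line_buf line;

    /* fgets() reads at most sizeof(line)-1 bytes and always NUL-terminates. */
    if (fgets(line, sizeof line, in) == NULL)
        return 0;

    /* "%s" has no width limit.  This is only safe because any token inside
     * `line` is at most sizeof(line)-1 bytes, which fits in `word` exactly
     * when sizeof(word) >= sizeof(line).  Break that and this overflows. */
    return sscanf(line, "%s", word) == 1;
}

/* Hardened form: derive the field width from the destination size so the
 * sscanf() stays bounded no matter where `line` came from or how the two
 * buffers are declared.  Returns 1 if a word was parsed. */
int parse_word_bounded(const char *line, char *word, size_t word_size)
{
    char fmt[32];

    if (word_size < 2)          /* need room for one char plus the NUL */
        return 0;

    /* Build "%<N>s" with N = word_size - 1 so the terminating NUL always fits. */
    snprintf(fmt, sizeof fmt, "%%%zus", word_size - 1);
    return sscanf(line, fmt, word) == 1;
}

int main(void)
{
    /* Constructed input: a token far longer than either buffer. */
    FILE *in = tmpfile();
    word_buf word;
    char small[8];

    if (in == NULL)
        return 1;
    for (int i = 0; i < 300; i++)
        fputc('a', in);
    fputs(" tail\n", in);
    rewind(in);

    /* fgets() caps the line at 127 bytes, so the unbounded "%s" copies at
     * most 127 bytes into the 128-byte word buffer. */
    if (parse_word_as_in_thread(in, word))
        printf("unbounded %%s: %zu chars (capped by fgets)\n", strlen(word));

    /* The width-limited form truncates to 7 chars + NUL regardless of the
     * source buffer's size. */
    if (parse_word_bounded("abcdefghijklmnop rest", small, sizeof small))
        printf("bounded %%7s: \"%s\" (%zu chars)\n", small, strlen(small));

    fclose(in);
    return 0;
}
```

The width-limited form is what FlawFinder is really asking for: it keeps the bound next to the call that needs it, so the safety no longer depends on two declarations elsewhere in the file staying in sync or on the fgets() surviving a refactor.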
