ftpget potential security problems

From: <carson@dont-contact.us>
Date: Fri, 2 Aug 1996 16:14:01 -0400

ftpget.c consistently writes data into a 128 character array using
sscanf. Unfortunately, it doesn't do any bounds checking, allowing a
malicious FTP server to cause a buffer overrun. <sigh> When will we ever
learn...

I'll try to submit some patches, but I may not have time before I leave for
Europe, so if somebody else wants to take a crack at it, please do so.

--
Carson Gaspar -- carson@cs.columbia.edu carson@lehman.com
http://www.cs.columbia.edu/~carson/home.html
<This is the boring business .sig - no outre sayings here>
Received on Fri Aug 02 1996 - 13:18:38 MDT
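
Added example, not code from ftpget.c or from the message's author: the unbounded sscanf pattern the message describes, next to a bounded form that caps the field width to the 128-byte array and rejects overlong tokens. The reply format, parse_reply and REPLY_BUF are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REPLY_BUF 128  /* assumed: the 128-character array from the message */

/* Unbounded pattern, shown for contrast only (never compiled or called):
 *     char word[REPLY_BUF];
 *     sscanf(line, "%d %s", &code, word);
 * "%s" stores every non-space byte the server sends, whatever sizeof word is.
 */

/* Bounded parse of a hypothetical reply line "<code> <word> ...".
 * Returns 0 on success, -1 if malformed, -2 if the word does not fit. */
int parse_reply(const char *line, int *code, char word[REPLY_BUF])
{
    int consumed = 0;

    word[0] = '\0';
    /* %127s stores at most 127 bytes plus the NUL; %n records where it stopped. */
    if (sscanf(line, "%3d %127s%n", code, word, &consumed) != 2)
        return -1;
    /* A non-space byte right after the token means it was cut at 127:
     * reject the line instead of silently accepting a truncated value. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed])) {
        word[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char hostile[4 + 300 + 1];  /* constructed input: "220 " + 300 'A' bytes */
    char word[REPLY_BUF];
    int code = 0;

    memcpy(hostile, "220 ", 4);
    memset(hostile + 4, 'A', 300);
    hostile[304] = '\0';
    printf("normal:  %d\n", parse_reply("220 ftp.example.org ready", &code, word));
    printf("hostile: %d\n", parse_reply(hostile, &code, word));
    return 0;
}
```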
