NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.
All the Perl that's Practical to Extract and Report
use Perl Log In
petdance (2468)
petdance
andy@petdance.com
http://www.perlbuzz.com/
AOL IM: petdance (Add Buddy, Send Message)
Yahoo! ID: petdance (Add User, Send Message)
Jabber: petdance@gmail.com
I'm Andy Lester, and I like to test stuff. I also write for the Perl Journal, and do tech edits on books. Sometimes I write code, too.
andy@petdance.com
http://www.perlbuzz.com/
AOL IM: petdance (Add Buddy, Send Message)
Yahoo! ID: petdance (Add User, Send Message)
Jabber: petdance@gmail.com
I'm Andy Lester, and I like to test stuff. I also write for the Perl Journal, and do tech edits on books. Sometimes I write code, too.
Thursday November 21, 2002
12:30 PM
Hardcoded constants bite the best of 'em
I'm amazed when I see widely-used, well-respected code using hardcoded constants. Today was no exception when I saw an
alert about a potential buffer overflow in Samba 2.2.6.
The offending code:
--- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002
+++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
@@ -63,7 +63,7 @@
if(len > 128)
len = 128;
/* Password must be converted to NT unicode - null terminated. */
- dos_struni2((char *)wpwd, (const char *)passwd, 256);
+ dos_struni2((char *)wpwd, (const char *)passwd, len);
/* Calculate length in bytes */
len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
--Larry Wall in stab.c from the perl source code
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.
Hardcoded constants bite the best of 'em 0 Comments More | Login | Reply /