Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

petdance (2468)

AOL IM: petdance (Add Buddy, Send Message)
Yahoo! ID: petdance (Add User, Send Message)

I'm Andy Lester, and I like to test stuff. I also write for the Perl Journal, and do tech edits on books. Sometimes I write code, too.

Journal of petdance (2468)

Thursday November 21, 2002
12:30 PM

Hardcoded constants bite the best of 'em

[ #9062 ]
I'm amazed when I see widely-used, well-respected code using hardcoded constants. Today was no exception when I saw an alert about a potential buffer overflow in Samba 2.2.6.

The offending code:

--- libsmb/smbencrypt.c.orig    Tue Nov 19 17:21:57 2002
+++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
@@ -63,7 +63,7 @@
        if(len > 128)
                len = 128;
        /* Password must be converted to NT unicode - null terminated. */
-       dos_struni2((char *)wpwd, (const char *)passwd, 256);
+       dos_struni2((char *)wpwd, (const char *)passwd, len);
        /* Calculate length in bytes */
        len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.