
Article:
  Networking and the BSD Sockets API
Subject:   security error in client code
Date:   2003-01-13 11:42:51
From:   anonymous2
In the client code, you wrote:


printf( buffer );


This is vulnerable to the common "format-string security error", which is the second most common security error in C network software. The corrected line should read:


printf( "%s", buffer );


In addition, you invite a future security error by using hardcoded constants here:


char buffer[201];
...
while (n = read(sockfd, buffer, 200)) {


instead of:


#define BUFSIZE 200
...
char buffer[BUFSIZE + 1];
...
while (n = read(sockfd, buffer, BUFSIZE)) {


Please take care not to promulgate insecure C programming practices in the future.
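The pattern this comment recommends, written out as a small C program (an added example, not the article's or the commenter's code): a bounded read using a named size constant, explicit NUL termination after read(), a loop that stops on error as well as on end of file, and the received data passed to printf as an argument rather than as the format string. The names echo_socket and demo_roundtrip are assumptions chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUFSIZE 200   /* named size constant instead of a magic number */

/* Read everything from fd and print it as plain text.
 * Returns the total number of bytes echoed, or -1 on a read error.
 * (Assumed name; illustrative only.) */
long echo_socket(int fd)
{
    char buffer[BUFSIZE + 1];   /* +1 leaves room for the terminator */
    ssize_t n;
    long total = 0;

    /* "> 0" stops on EOF (0) and on error (-1); a bare "while (n = read(...))"
     * would spin forever on a persistent error. */
    while ((n = read(fd, buffer, BUFSIZE)) > 0) {
        buffer[n] = '\0';       /* read() never NUL-terminates for you */
        /* The data is an argument, never the format, so any '%' sequences
         * it contains are printed literally instead of being interpreted. */
        printf("%s", buffer);
        total += n;
    }
    return n < 0 ? -1 : total;
}

/* Push a constructed message through a pipe and echo it back.
 * Returns the byte count reported by echo_socket. (Assumed name.) */
long demo_roundtrip(const char *msg)
{
    int fds[2];
    long got;

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], msg, strlen(msg)) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    close(fds[1]);              /* writer closed: reader will see EOF */
    got = echo_socket(fds[0]);
    close(fds[0]);
    return got;
}

int main(void)
{
    /* Constructed input containing format directives; printed verbatim. */
    const char *msg = "hello %s %n %x\n";
    return demo_roundtrip(msg) == (long)strlen(msg) ? 0 : 1;
}
```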


Replies:
  1. Give the author a break...
     2003-01-20 11:28:41  stevesheets