November 25th, 2003

  • evan

(no subject)

(feh, messed this up once.
and somehow i don't actually own this community? so i made it friends-only and now i can't get the post back?)

Spot the security hole (from conjecture):
struct header {
    int cmd, id, len;


struct header hdr;
char buf[1024], ubuf[1024];
if(read(sock, &hdr, sizeof(hdr)) != sizeof(hdr))
if(hdr.len < sizeof(hdr) || hdr.len > 1024)
read(sock, buf, hdr.len);
buf[1023] = 0;
snprintf(ubuf, sizeof(ubuf), "command was %s", buf);