|
|
|
|
|
|
by wybiral
2539 days ago
|
|
|
If I ever saw a project where someone wrote a fake wrapper around an insecure function that gave the illusion that it had proper checks in place (which is what's being described here) instead of using the actual function I would be concerned. And if I ever saw code where the size parameters weren't legit (as in someone used the same variable for both) I would also be concerned unless proper checks where taking place elsewhere. But it is a bad smell. That's the only point in that particular finding. They did detail other ways in which the whole development standards seem bad. And, yes, you can always shoot your own foot, but it's still best not to aim directly at it. |
|
|