|
|
|
|
|
|
by stevekemp
2291 days ago
|
|
|
Years ago I reported a security bug (CVE-2004-0103) in the nethack-like game "crawl". In that case it involved copying the contents of an environmental variable into a fixed size buffer. I've just checked my bug report, where I wrote: Demonstrating this bug is quite challenging as it involves: * Finding pizza. * Eating the pizza and having a two in three chance of your message (getenv( "CRAWL_PIZZA")) being used. Fun memories; I should audit some more code soon. |
|
|