by idlewan 4341 days ago
Yes, it uses lots of strcpy and sprintf instead of strncpy, snprintf or strlcpy. It's bound to be exploited.
2 comments

Not only just that, but it seems in many cases there is absolutely no bounds checking whatsoever. There are legacy libraries out there that use the str* group of functions safely, because there is careful bounds checking before each call. That's still far less reassuring than just using safe functions, but it's better than absolutely nothing.

Based on the inconsistent use of tabs and spaces, lack of whitespace around any sort of operators or special syntax, and total disregard for security, this looks much more like a 1995 project than a 2014 one.

It depends. It's not like there's no safe way of using strcpy and sprintf.
The safe way to use strcpy is to use strncpy.
No, strncpy is worse than strcpy; the right way is strlcpy.
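Added example, not code from the thread: it shows the strncpy pitfall the last reply refers to (a source at least as long as the buffer leaves no NUL terminator) beside a bounded copy with strlcpy semantics. `bounded_copy` is a hypothetical helper written here so the example does not depend on a libc that ships strlcpy.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Bounded copy with strlcpy semantics (hypothetical helper). Copies at most
 * size-1 bytes, always NUL-terminates when size > 0, and returns strlen(src)
 * so the caller detects truncation with: return value >= size. */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size == 0)
        return srclen;
    size_t n = srclen < size - 1 ? srclen : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Returns 1 if strncpy() left the destination NUL-terminated, 0 if not.
 * When strlen(src) >= size, strncpy fills every byte and writes no
 * terminator, so a later strlen/printf on dst reads past the buffer. */
int strncpy_terminates(const char *src, size_t size)
{
    char dst[16];
    if (size > sizeof dst) size = sizeof dst;
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* Returns 1 if bounded_copy() had to truncate src into a buffer of `size`
 * bytes; the destination is terminated either way. */
int bounded_copy_truncated(const char *src, size_t size)
{
    char dst[16];
    if (size > sizeof dst) size = sizeof dst;
    return bounded_copy(dst, src, size) >= size;
}

int main(void)
{
    /* Constructed sample input: an 11-character name into an 8-byte field. */
    const char *user = "longerthan8";
    printf("strncpy terminated: %d\n", strncpy_terminates(user, 8));        /* 0 */
    printf("bounded_copy truncated: %d\n", bounded_copy_truncated(user, 8)); /* 1 */
    printf("short input: terminated %d, truncated %d\n",
           strncpy_terminates("bob", 8), bounded_copy_truncated("bob", 8)); /* 1 0 */
    return 0;
}
```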