How not to prevent buffer overflows.



  • A while back, I encountered some... interesting code. Since the bug in question is long since fixed and the broken version is no longer in use anywhere, here it is (lightly anonymised and with some irrelevant error handling removed):

    char buf[2048];

    fscanf( file, "%[^\n]", buf );

    MyString name = buf;

    MyString::truncate(name, 63);


    The coder obviously realised that the input could be longer than it should be, but didn't quite grasp the full implications. What's more, the code had allegedly just been audited for security holes. (In case you were wondering, yes, this could be exploited remotely for arbitrary code execution. It wasn't the only dubious fscanf, either, though most of them did actually have proper size limits set.)



  • LOL it's the coding equivalent of the "security" they've installed at our nation's airports the last few years...


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.