[htdig3-dev] ITS4 Results (redux)


Subject: [htdig3-dev] ITS4 Results (redux)
From: Geoff Hutchison (ghutchis@wso.williams.edu)
Date: Tue Feb 29 2000 - 21:35:59 PST


As Gilles pointed out, the attachment didn't seem to go last time.
Here it is again, along with a small sample.

-Geoff

./htcommon/DocumentRef.cc
./htcommon/DocumentRef.cc:279:(Low Risk) memcpy
Low risk of buffer overflows.
Make sure that your buffer is really big enough to handle a max len string.
[...]

./htcommon/DocumentDB.cc
./htcommon/DocumentDB.cc:354:(Risky) fopen
Can lead to process/file interaction race conditions (TOCTOU category B)
Manipulate file descriptors, not symbolic names, when possible.
[...]

./htcommon/HtSGMLCodec.cc

[...]

./htcommon/URL.cc
./htcommon/URL.cc:86:(Risky) remove
Can lead to process/file interaction race conditions (TOCTOU category A)
Manipulate file descriptors, not symbolic names, when possible.
[...]
./htcommon/URL.cc:685:(No Risk) sscanf
This function is high risk for buffer overflows
Use precision specifiers, or do your own parsing.

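As an added illustration of the three mitigations the ITS4 messages above recommend (a real size check before `memcpy`, a precision specifier on `sscanf`, and working on a file descriptor rather than a path name), here are three small C routines. They are not htdig code and not part of Geoff's ITS4 report; the function names, buffer sizes and the sample inputs are assumptions made for this example.

```c
/* Added example, not from the htdig source or the ITS4 output above.
 * Function names, buffer sizes and sample inputs are assumed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* memcpy only after verifying the destination really can hold the whole
 * source plus a terminator (the check ITS4's memcpy message asks for).
 * Returns 1 and copies on success, 0 and leaves dst untouched otherwise. */
int copy_bounded(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    if (dstlen == 0 || srclen > dstlen - 1)
        return 0;
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 1;
}

/* sscanf with a precision (width) specifier: "%63[^:]" can never store
 * more than 63 bytes plus the terminator into a 64-byte buffer.  scanf
 * widths must be literals, so the format is built at run time from the
 * real buffer size.  Overlong input fails the ':' match and is rejected
 * instead of overflowing.  Returns 1 on success, 0 on malformed input. */
int parse_host_port(const char *input, char *host, size_t hostlen, int *port)
{
    char fmt[32];
    if (hostlen < 2 || hostlen > 9999)
        return 0;
    /* yields e.g. "%63[^:]:%d" for a 64-byte host buffer */
    snprintf(fmt, sizeof fmt, "%%%zu[^:]:%%d", hostlen - 1);
    if (sscanf(input, fmt, host, port) != 2)
        return 0;
    return *port > 0 && *port <= 65535;
}

/* Open by name exactly once, then do every check on the descriptor with
 * fstat rather than re-examining the name: nothing can be re-pointed
 * between the check and the use.  Refuses symlinks and non-regular files;
 * returns NULL on any failure. */
FILE *open_regular_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return NULL;
    }
    FILE *fp = fdopen(fd, "r");
    if (fp == NULL)
        close(fd);
    return fp;
}

int main(void)
{
    char host[16];            /* deliberately small to show rejection */
    int port = 0;
    /* constructed sample inputs */
    printf("short:   %d\n", parse_host_port("htdig.org:80", host, sizeof host, &port));
    printf("too long: %d\n", parse_host_port("this-host-name-is-far-too-long:80",
                                             host, sizeof host, &port));
    char buf[8];
    printf("fits:    %d\n", copy_bounded(buf, sizeof buf, "abcdefg", 7));
    printf("no fit:  %d\n", copy_bounded(buf, sizeof buf, "abcdefgh", 8));
    printf("devnull: %s\n", open_regular_file("/dev/null") ? "opened" : "refused");
    return 0;
}
```

The `parse_host_port` routine is the general form of the ITS4 advice: any `%s` or `%[` conversion gets a width of `sizeof(buffer) - 1`, and a truncated match is treated as an error rather than silently accepted.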
This archive was generated by hypermail 2b28 : Tue Feb 29 2000 - 21:41:19 PST