You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code uses sprintf() function, which has no integrated bounds checks. This has been considered a poor practice for both security and stability for many years.
On a hunch, I tracked the maximum bytes that would be written to a fixed buffer. The largest output would be >1400 characters, while the buffer is only 1024 bytes. All updates were using sprintf(), starting at an offset based on how much buffer was already used. None of these calls had any overflow prevention logic.
Therefore, it is STRONGLY recommended to:
immediately deprecate the unsafe string functions, to generate compilation warnings when they are used.
multiple small commits, each moving a few unsafe string function calls to the corresponding safe version.
upon reaching zero usage of unsafe string functions, change the deprecation into compilation failures to prevent their accidental re-introduction.
The code uses
sprintf()function, which has no integrated bounds checks. This has been considered a poor practice for both security and stability for many years.On a hunch, I tracked the maximum bytes that would be written to a fixed buffer. The largest output would be >1400 characters, while the buffer is only 1024 bytes. All updates were using
sprintf(), starting at an offset based on how much buffer was already used. None of these calls had any overflow prevention logic.Therefore, it is STRONGLY recommended to:
Potential list of functions to deprecate, and potential replacements, can be found in the "Secure Development Lifecycle excerpt".
The text was updated successfully, but these errors were encountered: