[PLUG] How payloads are delivered by buffer overflow exploits
Rich Shepard
rshepard at appl-ecosys.com
Tue Sep 28 18:47:01 PDT 2004
On Tue, 28 Sep 2004, Bill Thoen wrote:
> ANY code on ANY platform that interacts with outside resources had better
> be VERY careful about using those oh-so-common functions like strcpy(),
> strcat(), gets(), and the like --functions that move data and trust, but
> don't verify.
gets() was deprecated by X3J11 but left in the standard to prevent broken
legacy code. Always use fgets(). Similarly, use strncpy().
Rich
--
Dr. Richard B. Shepard, President
Applied Ecosystem Services, Inc. (TM)
<http://www.appl-ecosys.com>
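
An added example, not part of the original post: the fgets() and strncpy() replacements recommended above, with the two checks they still need (a line longer than the buffer, and strncpy() leaving the destination unterminated). The helper names `read_line`, `copy_bounded` and `read_line_from` are hypothetical, and the input strings are constructed.

```c
#define _POSIX_C_SOURCE 200809L   /* fmemopen(), used only by the demo helper */
#include <stdio.h>
#include <string.h>

/* Read one line into buf (capacity n). fgets() stores at most n-1 bytes plus
 * a NUL; gets() has no length argument at all.
 * Returns 0 if the whole line fit, 1 if it was truncated, -1 on EOF/error. */
int read_line(FILE *in, char *buf, size_t n)
{
    if (n == 0 || fgets(buf, (int)n, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';              /* complete line: drop the newline */
        return 0;
    }
    /* No newline seen: discard the rest of the line so the next call does
     * not start on leftover bytes. Any discarded byte means truncation. */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Copy src into dst (capacity n). strncpy() does not write a NUL when src
 * has n-1 or more bytes, so terminate explicitly.
 * Returns 0 if src fit, -1 if it was cut short. */
int copy_bounded(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return -1;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return strlen(src) >= n ? -1 : 0;
}

/* Demo helper: run read_line() over an in-memory string (constructed input). */
int read_line_from(const char *input, char *buf, size_t n)
{
    FILE *f = fmemopen((void *)input, strlen(input), "r");
    if (f == NULL)
        return -1;
    int rc = read_line(f, buf, n);
    fclose(f);
    return rc;
}
```

Callers should treat a nonzero return as rejected input rather than silently continuing with the truncated string.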