[PLUG] How payloads are delivered by buffer overflow exploits

Rich Shepard rshepard at appl-ecosys.com
Tue Sep 28 18:47:01 PDT 2004


On Tue, 28 Sep 2004, Bill Thoen wrote:

> ANY code on ANY platform that interacts with outside resources had better
> be VERY careful about using those oh-so-common functions like strcpy(),
> strcat(), gets(), and the like -- functions that move data and trust, but
> don't verify.

   gets() was deprecated by X3J11 but left in the standard to prevent broken
legacy code. Always use fgets(). Similarly, use strncpy().

Rich

-- 
Dr. Richard B. Shepard, President
Applied Ecosystem Services, Inc. (TM)
<http://www.appl-ecosys.com>
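
Added example, not part of the original post: the fgets() and strncpy() replacements recommended above, with the two details that are easy to miss (fgets() keeps the newline and leaves the rest of an over-long line unread; strncpy() does not terminate a truncated copy). The helper names read_line and copy_bounded are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Read one line into buf (size bytes) with fgets().
 * Returns 0 = whole line read, 1 = line was longer than buf and the
 * excess was discarded, -1 = EOF or read error before any data. */
int read_line(FILE *fp, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, fp) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* strip the newline fgets() keeps */
        return 0;
    }
    /* No newline stored: the line did not fit, or it is the last line
     * of the input. Drain what is left so the next call starts on a
     * fresh line instead of on the tail of this one. */
    int c, extra = 0;
    while ((c = getc(fp)) != '\n' && c != EOF)
        extra = 1;
    return extra;
}

/* Copy src into dst (dstsize bytes) with strncpy().
 * strncpy() writes no terminator when src has dstsize or more
 * characters, so the last byte is always set explicitly.
 * Returns 1 if src was truncated, 0 otherwise. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return 1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) >= dstsize;
}

int main(void)
{
    char line[16], field[8];
    int cut;
    while ((cut = read_line(stdin, line, sizeof line)) != -1) {
        int short_copy = copy_bounded(field, sizeof field, line);
        printf("%s%s -> %s%s\n", line, cut ? " [line cut]" : "",
               field, short_copy ? " [field cut]" : "");
    }
    return 0;
}
```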