[PLUG] How payloads are delivered by buffer overflow exploits
rshepard at appl-ecosys.com
Tue Sep 28 18:47:01 PDT 2004
On Tue, 28 Sep 2004, Bill Thoen wrote:
> ANY code on ANY platform that interacts with outside resources had better
> be VERY careful about using those oh-so-common functions like strcpy(),
> strcat(), gets(), and the like --functions that move data and trust, but
> don't verify.
gets() was deprecated by XJ311 but left in the standard to prevent broken
legacy code. Always use fgets(). Similarly, use strncpy().
Dr. Richard B. Shepard, President
Applied Ecosystem Services, Inc. (TM)
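
The two replacements recommended above each have an edge case: strncpy() leaves the destination unterminated when the source fills it, and fgets() leaves the tail of an over-long line in the stream. The sketch below is an added example, not code from the original post; the helper names bounded_copy and read_line and the sample input are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity dstsz) with strncpy().
 * strncpy() writes no terminating NUL when src has dstsz or more
 * characters, so terminate explicitly.
 * Returns 0 if src fit, -1 if it was truncated or the arguments are bad. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz ? 0 : -1;
}

/* Hypothetical helper: read one line from fp into buf with fgets().
 * Strips the newline; if the line was longer than the buffer, discards
 * the remainder so the next call starts on a fresh line.
 * Returns 0 for a complete line, 1 if truncated, -1 on EOF or error. */
int read_line(FILE *fp, char *buf, size_t bufsz)
{
    if (fp == NULL || buf == NULL || bufsz < 2)
        return -1;
    if (fgets(buf, (int)bufsz, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c, dropped = 0;          /* buffer full or EOF: drain to newline */
    while ((c = getc(fp)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? 1 : 0;
}

int main(void)
{
    char line[8], copy[4];
    FILE *fp = tmpfile();        /* constructed sample input */
    if (fp == NULL)
        return 1;
    fputs("AAAAAAAAAAAAAAAAAAAA\nok\n", fp);
    rewind(fp);
    int status;
    while ((status = read_line(fp, line, sizeof line)) >= 0)
        printf("line='%s' truncated=%d copy_status=%d\n", line, status,
               bounded_copy(copy, sizeof copy, line));
    fclose(fp);
    return 0;
}
```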