Mail Archives: cygwin/2008/12/03/21:27:39

www.delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2008/12/03/21:27:39

X-Recipient: archive-cygwin AT delorie DOT com

X-Spam-Check-By: sourceware.org

X-Authority-Analysis: v=1.0 c=1 a=bJIJG6xM5qMA:10 a=W2Cyk0x8aJkA:10 a=xe8BsctaAAAA:8 a=T4IyNgoOHR77GcBF0pcA:9 a=55M7rG-e_8t9i0SkTbi5Vp3rgLQA:4 a=eDFNAWYWrCwA:10 a=rPt6xJ-oxjAA:10

Message-ID: <49373FE4.3080405@byu.net>

Date: Wed, 03 Dec 2008 19:26:44 -0700

From: Eric Blake <ebb9 AT byu DOT net>

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081105 Thunderbird/2.0.0.18 Mnenhy/0.7.5.666

MIME-Version: 1.0

To: cygwin AT cygwin DOT com, mring111 AT yahoo DOT com

Subject: Re: Using -mno-cygwin causes different program behavior

References: <20825507 DOT post AT talk DOT nabble DOT com>

In-Reply-To: <20825507.post@talk.nabble.com>

X-IsSubscribed: yes

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to C-Programmer on 12/3/2008 6:29 PM:
>   char name[25];
>   gets( name );

PS. This is a _disaster_ waiting to happen.  You just coded a buffer
overflow exploit, where someone can supply a name with more than 25 bytes,
and in so doing, overwrite the stack return pointer to jump into arbitrary
code and thus execute whatever they want using your program as the
gateway.  PLEASE don't write code this evil in real life.  Use getline(),
fgets(), fread(), properly-written fscanf(), or the like, but NEVER gets().

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk3P+QACgkQ84KuGfSFAYDh2ACfSsrD2vc1vBj3LdDC2DzvD8Z/
LHIAoLI76s26ASySD9+CVAgy6e5uQ+3W
=jv+5
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
X-Spam-Check-By:	sourceware.org
X-Authority-Analysis:	v=1.0 c=1 a=bJIJG6xM5qMA:10 a=W2Cyk0x8aJkA:10 a=xe8BsctaAAAA:8 a=T4IyNgoOHR77GcBF0pcA:9 a=55M7rG-e_8t9i0SkTbi5Vp3rgLQA:4 a=eDFNAWYWrCwA:10 a=rPt6xJ-oxjAA:10
Message-ID:	<49373FE4.3080405@byu.net>
Date:	Wed, 03 Dec 2008 19:26:44 -0700
From:	Eric Blake <ebb9 AT byu DOT net>
User-Agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081105 Thunderbird/2.0.0.18 Mnenhy/0.7.5.666
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com, mring111 AT yahoo DOT com
Subject:	Re: Using -mno-cygwin causes different program behavior
References:	<20825507 DOT post AT talk DOT nabble DOT com>
In-Reply-To:	<20825507.post@talk.nabble.com>
X-IsSubscribed:	yes
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com