unsafe C functions (CVE-2009-1252)

Posted by Nico Golde in
Tuesday, May 19. 2009

There are a lot of discussions out there whether functions like strcpy are dangerous and shouldn't be used in C programs.
But Heise security made my day:

The problem is caused by the use of the unsafe C function printf in crypto_recv in ntpd/ntp_crypto.c.

Beware of the evil printf!

Im rather disappointed by the overall quality of the heise security news anyway but of course they seem to have misread the original advisory and the bug report. They mean sprintf

EDIT: they fixed it

Comments (0) - Trackbacks (0)

Defined tags for this entry: bugs, heise, ntp, rant, security, software

Related entries by tags:

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets. E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above: You can use [geshi lang=lang_name [,ln={y\|n}]][/geshi] tags to embed source code snippets.
	Remember Information?

unsafe C functions (CVE-2009-1252)

nion's blog

unsafe C functions (CVE-2009-1252)

Calendar

Quicksearch

Support

Recent Entries

Archives

Syndicate This Blog

Categories

Tag cloud