[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Another Netscape Bug (and possible security hole)
At 07:33 1995.09.22 GMT, Jeff Weinstein wrote:
>In article <[email protected]>, [email protected] (Ray Cromwell)
writes:
>> I've found a Netscape bug which I suspect is a buffer overflow and
>> may have the potential for serious damage. If it is an overflow bug,
>> then it may be possible to infect every computer which accesses a web
>> page with Netscape. To see the bug, create an html file containing
>> the following:
>
> Thanks for the report. I will make sure that this is fixed.
>
> --Jeff
Don't just look at this bug, though... check ALL your static buffers and
include code to check for overflow writes. For example, if Netscape is
written in C or C++ and the above code uses strcpy(), you could change
strcpy() to strncpy() everywhere (and then set the last char to null in case
strncpy() didn't). Your programmers will know what I mean.
Herb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter 2228 Urwin, Suite 102 voice (416) 618-0184
Connected Object Solutions Oakville ON Canada L6L 2T2 fax (905) 847-6019