getenv() obfuscated for buffer overflow prevention?
Scott McClelland
smcclelland at san.rr.com
Thu Feb 17 23:46:26 PST 2005
As I said, "off the top of my head." Thanks for catching that.
I can't believe I still get confused over pointers. I ususally have to
print several versions of my vars to make sure I'm referencing the right
information.
> -----Original Message-----
> From: kplug-list-bounces at kernel-panic.org
> [mailto:kplug-list-bounces at kernel-panic.org]On Behalf Of Gabriel Sechan
> Sent: Tuesday, February 15, 2005 11:44 AM
> To: kplug-list at kernel-panic.org
> Subject: Re: getenv() obfuscated for buffer overflow prevention?
>
>
>
>
> >From: Scott McClelland <scottm at qualcomm.com>
> >
> >Change (off the top of my head, without testing):
> >char * username=getenv("USER");
> >fprintf(log_file, "By user %s \n" &username, );
> >
> The & is not needed. With the & you're passing a char ** instead of a
> char*, and will have a bad memory error of some sort.
>
>
> Gabe
>
>
> --
> KPLUG-List at kernel-panic.org
> http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
More information about the KPLUG-List
mailing list