[lug] Security notice and Ramen
Sean Reifschneider
jafo at tummy.com
Tue Jan 23 21:25:05 MST 2001
On Tue, Jan 23, 2001 at 05:03:28PM -0700, D. Stimits wrote:
>A similar scenario for some of the C++ STL containers. I could imagine
>someone trying to buffer overflow a std::string for someone with a 56k
DJB has an RFC or the like for "net strings". A net string is:
11:hello world,
So, you know right up front whether you should accept the string. I use them
in a bunch of my own network and file IO. Of course, your implementation
has to understand that reading of the length is also length-limited
(mine is, of course). Otherwise you could just write a bunch of zeros and
fill up memory.
Sean
--
Microsoft treats objects like women, man...
-- Kevin Fenzi, paraphrasing the Dude, 1998
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
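
A netstring reader with the bounded length field described in the message above, as an added example that is not part of the original post and not the poster's implementation. The two caps (NS_MAX_LEN_DIGITS, NS_MAX_PAYLOAD), the status names and the strict rejection of leading zeros are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NS_MAX_LEN_DIGITS 6     /* assumed cap on digits in the length field */
#define NS_MAX_PAYLOAD 65536    /* assumed cap on payload bytes we will accept */

enum ns_status { NS_OK, NS_INCOMPLETE, NS_BAD_LENGTH, NS_TOO_LONG, NS_BAD_TERMINATOR };

/* Parse one netstring ("11:hello world,") from buf[0..buflen).
 * On NS_OK, *payload points into buf (not NUL-terminated), *plen is its
 * length and *consumed is the number of bytes used. Nothing is allocated. */
enum ns_status ns_parse(const char *buf, size_t buflen,
                        const char **payload, size_t *plen, size_t *consumed)
{
    size_t i = 0, len = 0;

    /* The length field itself is length-limited: stop after
     * NS_MAX_LEN_DIGITS digits instead of scanning until a ':' shows up. */
    while (i < buflen && buf[i] != ':') {
        if (buf[i] < '0' || buf[i] > '9') return NS_BAD_LENGTH;
        if (i >= NS_MAX_LEN_DIGITS) return NS_TOO_LONG;
        len = len * 10 + (size_t)(buf[i] - '0');   /* at most 999999, no overflow */
        i++;
    }
    if (i == buflen) return NS_INCOMPLETE;          /* ':' not received yet */
    if (i == 0) return NS_BAD_LENGTH;               /* ":..." has no length */
    if (i > 1 && buf[0] == '0') return NS_BAD_LENGTH; /* strict: no leading zeros */
    if (len > NS_MAX_PAYLOAD) return NS_TOO_LONG;   /* reject before buffering */

    i++;                                            /* skip ':' */
    if (buflen - i < len + 1) return NS_INCOMPLETE; /* payload plus ',' not all here */
    if (buf[i + len] != ',') return NS_BAD_TERMINATOR;
    *payload = buf + i;
    *plen = len;
    *consumed = i + len + 1;
    return NS_OK;
}

int main(void)
{
    const char *msg = "11:hello world,";            /* the example from the post */
    const char *p; size_t n, used;
    if (ns_parse(msg, strlen(msg), &p, &n, &used) == NS_OK)
        printf("payload=%.*s consumed=%zu\n", (int)n, p, used);
    return 0;
}
```

A caller reading from a socket would keep appending to its buffer while the result is NS_INCOMPLETE and drop the connection on any other non-OK status.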