Inspired by urbit/archaeology#71, there are numerous calls to strcpy(), sprintf(), and other "unsafe" functions. Many of these are harmless...but a few actually seem feasibly exploitable! Kinda!
In any case, in my fork (https://github.com/darighost/vere) I replaced all of the calls to strcpy() and sprintf() with calls to snprintf() instead. It's also possible I'm breaking a bunch of stuff without realizing. My fork compiles and I ran it and did Urbit stuff but who knows, there's an infinite amount of behavior I didn't test so yeah.
If this is desired, I'd also like to replace some other functions as well. But I wanted to check, is this even a change you guys want? Also, I'm using this as a chance to "practice" contributing to this repo, so please let me know if I should be doing something differently.
Thanks!
PS: I know, I know, we're all awaiting Ares with bated breath. What can I say. I also like PHP and Visual Basic 5, sue me.
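An added example, not code from the issue author's fork or from vere: what a strcpy()/sprintf() to snprintf() replacement looks like when the return value is checked, since snprintf() truncates silently and a mechanical swap can change behavior without any error. The helper names, buffer size and sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of vere: bounded stand-in for
 * strcpy(dst, src). Returns 0 if src fit, -1 if it was truncated
 * or the arguments were unusable. dst is always NUL-terminated
 * when dst_len > 0. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
  if (!dst || !src || dst_len == 0) return -1;
  int n = snprintf(dst, dst_len, "%s", src);
  if (n < 0) { dst[0] = '\0'; return -1; }   /* output error */
  /* snprintf returns the length it WANTED to write, excluding the NUL;
   * n >= dst_len therefore means the output was cut short. */
  return ((size_t)n >= dst_len) ? -1 : 0;
}

/* Hypothetical helper: bounded stand-in for
 * sprintf(dst, "%s/%s", dir, name). Same return convention. */
int join_path(char *dst, size_t dst_len, const char *dir, const char *name)
{
  if (!dst || !dir || !name || dst_len == 0) return -1;
  int n = snprintf(dst, dst_len, "%s/%s", dir, name);
  if (n < 0) { dst[0] = '\0'; return -1; }
  return ((size_t)n >= dst_len) ? -1 : 0;
}

int main(void)
{
  char buf[8];                       /* constructed sample size and inputs */
  const char *inputs[] = { "zod", "a-much-longer-name" };

  for (size_t i = 0; i < 2; i++) {
    int rc = copy_bounded(buf, sizeof buf, inputs[i]);
    printf("copy %-20s rc=%d buf=\"%s\"\n", inputs[i], rc, buf);
  }
  /* "pier/put" is 8 characters and needs 9 bytes: one byte too many. */
  int rc = join_path(buf, sizeof buf, "pier", "put");
  printf("join pier/put             rc=%d buf=\"%s\"\n", rc, buf);
  return 0;
}
```

A call site that ignores the return value still gets memory safety, but it continues with a shortened string, which matters wherever the result is used as a path, key or command.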