[Announce] GnuPG 1.4 and 2.0 buffer overflow
Werner Koch
wk at gnupg.org
Thu Nov 30 11:50:10 CET 2006

On Wed, 29 Nov 2006 17:32, christianbiere at gmx.de said:

> Also replacement implementations for snprintf() have been around for years
> and vsnprintf() can be used to write your own asprintf() in about 5 lines.

va_copy is not a standard function/macro and actually missing on a lot
of systems or again buggy. Without that you can implement neither
asprintf nor your proposed astrcat - unless you want to resort to
realloc chains.

Instead of repeating these old discussions over and over again, I
wonder why people don't look at the code to figure out the flaws. A
bug lurking for 7 years and not detected by thousands of eyeballs
scrutinizing every line of free code? SCNR.

Salam-Shalom,
Werner
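
The construction debated in this message, as an added example that is not part of the original post and not GnuPG code: an asprintf-style allocator built on two vsnprintf() passes, showing the point at which va_copy is required. It assumes a C99 vsnprintf() that returns the needed length when given a NULL buffer; the names example_vasprintf and example_asprintf are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: format into a buffer sized from the measured length,
   so no fixed-size stack buffer can be overrun.
   Returns the string length, or -1 on error with *out set to NULL. */
static int example_vasprintf(char **out, const char *fmt, va_list ap)
{
    va_list measure;
    int need, written;
    char *buf;

    *out = NULL;
    /* vsnprintf() consumes the va_list it is given, so the measuring pass
       must run on a copy; without va_copy the second pass has no valid list. */
    va_copy(measure, ap);
    need = vsnprintf(NULL, 0, fmt, measure);
    va_end(measure);
    if (need < 0)
        return -1;

    buf = malloc((size_t)need + 1);          /* +1 for the terminating NUL */
    if (buf == NULL)
        return -1;

    written = vsnprintf(buf, (size_t)need + 1, fmt, ap);
    if (written < 0 || written > need) {     /* length changed between passes */
        free(buf);
        return -1;
    }
    *out = buf;
    return written;
}

static int example_asprintf(char **out, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = example_vasprintf(out, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char *s = NULL;
    if (example_asprintf(&s, "%s-%d-%s", "key", 4096, "bits") >= 0)
        puts(s);
    free(s);
    return 0;
}
```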