Article delegate-en/296 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Y2000 & Security in Delegate 5.8.8
13 Feb 1999 16:12:23 GMT Luc Stepniewski <p7qaabdyi-p5lznxn7fbxr.ml@ml.delegate.org>


Hello,

I got no answer about my Y2000 question. So I looked by myself in 
the source.

About Y2000, I didn't find anything wrong, well, I'm no expert at
finding Y2000 bugs at all :-)
Most of year computations are in the Strftime.c.

Another thing I found (which really bother me) is about security of Delegate.
There are so many sprintf() and fixed size arrays declarations that I stopped
at the 10th ;-(
Well in fact ALL of your arrays are fixed size !
Most of your arrays are sized to 1024 bytes, so I guess I could easily
crash the Delegate server or get Delegate to execute some silly code.

Maybe you should take a look at the snprintf() function, and malloc() ?

Thanks,
Luc

____________________________________________________________________
More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V