-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathUnboundedWrite.qhelp
More file actions
19 lines (15 loc) · 982 Bytes
/
UnboundedWrite.qhelp
File metadata and controls
19 lines (15 loc) · 982 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>The program performs a buffer copy or write operation with no upper limit on the size of the copy. An unexpectedly long input that reaches this code will cause the buffer to overflow. In addition to causing program instability, techniques exist which may allow an attacker to use this vulnerability to execute arbitrary code.</p>
</overview>
<include src="OverrunWriteRecommendation.inc.qhelp" />
<example>
<sample src="UnboundedWrite.c" />
<p>In this example, the call to <code>sprintf</code> may overflow <code>buffer</code>. This occurs if the argument <code>userName</code> is very long, such that the resulting string is more than the 80 characters allowed.</p>
<p>To fix the problem the call to <code>sprintf</code> should be replaced with <code>snprintf</code>, specifying a maximum length of 80 characters.</p>
</example>
<include src="OverrunWriteReferences.inc.qhelp" />
</qhelp>