M.-A. Lemburg wrote: > Note that the version in Python does not result in *stack* overflows > which are the type of buffer overflow usually used in exploits. ... > The only attack on this kind of emulation is a denial of service > attack. That is a bold statement to make. It is also not true. Heap overflows _can_ be exploited to execute arbitrary code. I believe there was a phrack article a few years ago on the subject. > In the 3 cases where this API is used in Python, an overflow > is not possible (unless the native sprintf() implementation > is broken). That may be the case today but I'm sure that snprintf will start getting more use now that it is available. We really should have a better implementation than mysnprintf. Neil
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4