Security Audit, was Re: [crossfire] Server release?
tchize
tchize at myrealbox.com
Sat Apr 16 05:51:03 CDT 2005
I fixed this a few time ago (i think). This was related to server dying on a
sigpipe on abrupt connection close.
Just one note, on security.
Every part of the code is subject to strings overflows. I have seen countless
calls to sprintf instead of snprintf, which is inherently unsecure. Some
parts of those calls involve datas provided by client.
Le Vendredi 15 Avril 2005 22:25, Alex Schultz a écrit :
Andrew Fuchs wrote:
>
Anyone want to to a security audit first? And give server admins a
>
fair warning before it happens...
Well... I do remember seeing a little back that one person (can't
remember who) was connecting to crossfire on metalforge via telnet going
to the cf port, and was able to chat etc. however the server crashed
when he tried to close telnet in a certain way (can't exactly remember
how...)
_______________________________________________
crossfire mailing list
crossfire at metalforge.org
http://mailman.metalforge.org/mailman/listinfo/crossfire
--
--
David Delbecq
d.delbecq at laposte.net
Public PGP KEY FINGERPRINT:
F4BC EF69 54CC F2B5 4621 8DAF 1C71 8E6B 5436 C17C
Public PGP KEY location:
http://wwwkeys.pgp.net:11371/pks/lookup?op=index&search=tchize
http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x5436C17C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://shadowknight.real-time.com/pipermail/crossfire/attachments/20050416/1a0906bc/attachment.pgp
More information about the crossfire
mailing list