HI all,
It just occurred to (a link between exploiting which has been going on and a warning I’m getting), when I compile EQEmu in VS 2k5 (following the guide) I get the following warnings:
Warning 1 warning C4996: 'sprintf' was declared deprecated c:\eqemu-0.7.0-1034\common\sharedlibrary.cpp 110
Which, originally I just wrote off as *nix being compiled on windows and didn’t give it much thought... well that was silly of me.
sprintf is unsafe and can be exploited with buffer overflows.
What’s a buffer overflow? In short, it’s when a block of data in written to a buffer that is too small.
I.e. writing 10 chars to a buffer which can only handle 8 chars.
The solution for this (at least on windows) is to use sprtinf_s.
Or for a more generic solution (cross platform) snprintf which ahs these safety checks.
What’s people’s ideas / thoughts?
- froglok
P.S for more information about buffer overflows, see
http://en.wikipedia.org/wiki/Buffer_overflow