[SDL] (Off Topic) Re: problem with using socket from SDL_Net SDLNet_TCP_Accept
John Silicon
jsilicon at earthlink.net
Thu Mar 1 15:17:54 PST 2007
Slightly off-topic (but I'm sending it to the list because everybody should
know this!):
When using *scanf to read a string, always make sure you use the "%NNNs"
format specifier, where 'NNN' is the length of the character buffer you are
passing in. Especially when we're talking about networking code. Laziness
and being less-than-specific are some of the quickest ways to create
buffer-overflow bugs and vulnerabilities (the only quicker way is to
purposefully create one).
Here's a link to the best list of anti-buffer-overflow tips I've found:
http://www.ibm.com/developerworks/library/s-buffer-defend.html<http://www-128.ibm.com/developerworks/library/s-buffer-defend.html>
- Silicon
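
An added example, not part of the original post: a bounded `sscanf` read of a string received from a peer. The width in `%NNNs` counts the characters stored and does not include the terminating NUL, so a 16-byte buffer takes `%15s`; the example also detects input that was cut off at the width. The "NICK <name>" line format and the names `parse_nick` and `NICK_MAX` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NICK_MAX 15              /* max characters stored, NOT counting the NUL */
#define STR2(x) #x
#define STR(x) STR2(x)           /* STR(NICK_MAX) expands to "15" */

/*
 * Parse a constructed "NICK <name>" line (hypothetical protocol) as it might
 * arrive from a TCP peer. `out` must hold NICK_MAX + 1 bytes.
 * Returns 0 on success, -1 if the line is malformed, -2 if the name was
 * longer than NICK_MAX (out then holds the first NICK_MAX characters).
 */
int parse_nick(const char *line, char out[NICK_MAX + 1])
{
    int consumed = 0;

    out[0] = '\0';
    /* The width is pasted into the format at compile time: "NICK %15s%n".
     * sscanf stores at most 15 characters plus the terminating NUL. */
    if (sscanf(line, "NICK %" STR(NICK_MAX) "s%n", out, &consumed) != 1)
        return -1;

    /* If the conversion stopped on the width rather than on whitespace or
     * end of input, the peer sent an over-long name: reject it explicitly. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return -2;
    return 0;
}

int main(void)
{
    /* Constructed sample input, not captured traffic. */
    const char *samples[] = {
        "NICK alice\n",
        "NICK AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n",
        "HELLO\n",
    };
    char nick[NICK_MAX + 1];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_nick(samples[i], nick);
        printf("rc=%d nick=\"%s\"\n", rc, nick);
    }
    return 0;
}
```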