On Wednesday, August 20 2014, Hádrian R wrote:
> Hi, I'm Kaiwaiata, since more than 2h searching and finding various
> possible vulnerabilities in source code of GDB..
> I will tell you one vulnerability now, if they treat me well I will tell
> the other..
Hello Kaiwaiata,
Thanks for the message. However, this list is not used by GDB folks
anymore. I recommend you to post your message on <
g...@sourceware.org>.
> unsafe use of *strcpy()* in *int net_open (.. ..){**:*
>
> *gdb-7.8.tar\gdb\ser-tcp.c:*
> * line 187: *strncpy (hostname, name, tmp);
> * line 187: *strcpy (hostname, "localhost");
You could even post a patch fixing this, if you want. To do that, send
the patch to <
gdb-p...@sourceware.org>.
Thanks,
--
Sergio
GPG key ID: 0x65FC5E36
Please send encrypted e-mail if possible
http://sergiodj.net/