Anibal L. Sacco wrote:
> The vulnerabilities are caused due to boundary errors when reading
> the player's name in pl_main.c
>
> code segment:
>     printf("Your name, Captain? ");
>     fflush(stdout);
>     fgets(captain, sizeof captain, stdin);
>     if (!*captain)
>         strcpy(captain, "no name");
>     else
>         captain[strlen(captain) - 1] = '\0';
> }
>
> Being captain initialized as: char captain[80].

sizeof(captain) is 80 so fgets reads in at most 79 characters. The trailing NULL will be added as the 80th character which still seems to be within the array size to me.

> There are some similar issues in Tetris, and Hack too.

Well, feel free to provide the details of those issues.

-- 
see shy jo
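The bound discussed in the reply above can be checked directly. This is an added example, not part of the original message or of the game's source: `struct name_buf`, `read_name`, the canary bytes and the sample inputs are constructed for illustration, and the newline is stripped with `strcspn` rather than by indexing at `strlen - 1`.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 80   /* same size as the quoted char captain[80] */

/* Buffer followed by a canary so any write past captain[79] is detectable. */
struct name_buf {
    char captain[NAME_LEN];
    unsigned char canary[8];
};

/*
 * Feed `input` (constructed test data) through fgets with the same size
 * argument as the quoted code. fgets' return value is checked, and the
 * newline is removed only if one was actually read.
 * Returns the name length, or -1 if the canary was overwritten.
 */
int read_name(const char *input, size_t len, struct name_buf *nb)
{
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fwrite(input, 1, len, fp);
        rewind(fp);
    }
    memset(nb->canary, 0xA5, sizeof nb->canary);
    nb->captain[0] = '\0';
    if (fp == NULL || fgets(nb->captain, sizeof nb->captain, fp) == NULL)
        strcpy(nb->captain, "no name");            /* EOF or read error */
    else
        nb->captain[strcspn(nb->captain, "\n")] = '\0';
    if (fp != NULL)
        fclose(fp);
    for (size_t i = 0; i < sizeof nb->canary; i++)
        if (nb->canary[i] != 0xA5)
            return -1;
    return (int)strlen(nb->captain);
}

int main(void)
{
    struct name_buf nb;
    char longline[200];
    memset(longline, 'A', sizeof longline);        /* 200 bytes, no newline */
    printf("long input:  %d\n", read_name(longline, sizeof longline, &nb));
    printf("short input: %d\n", read_name("Kirk\n", 5, &nb));
    return 0;
}
```

With a 200-byte line the stored name is 79 characters and the canary is untouched. The quoted `captain[strlen(captain) - 1] = '\0'` would drop the 79th character in that case, since the last byte read is not a newline.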