Subject: Re: exploit with memcpy()
To: Jason R Thorpe, Ed Ravin
From: Andrew Brown
List: tech-security
Date: 07/02/2002 14:14:17
> > If the fixes are common to multiple callers, then shouldn't the
> > fixes be in the libraries?  Isn't that what libraries are for
> > in the first place?
>I think I'm going to start passing NULL as the FILE * argument to
>fprintf() when I mean stderr; it's fewer letters to type.  I'll
>make sure to update libc accordingly.

perhaps, but you have to hold down the shift key while typing it, so
you don't really gain all that much.  you'd be better off breaking the
c compiler so that empty arguments in argument lists were passed as
zeroes.  then you could really win.  :)

|-----< "CODE WARRIOR" >-----|
(Andrew Brown)
* "ah!  i see you have the internet that goes *ping*!"
* "information is power -- share the wealth."