|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Wednesday, 10 November 1999||Author: Quentin Cregan|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Std View]|
"Today I glanced at the thttpd 2.04 source code, wondering how seriously thttpd parsed HTTP If-Modified-Since fields. I was horrified to see that tdate_parse() scans %[a-zA-Z] into a fixed-size stack buffer." The original post to VULN-DEV is here, and the follow up containing a URL for the latest version and patch is here.