Versions Compared

Comment: added related vul for cve 2009-1888

...

This solution is still problematic: a buffer overflow occurs if the null-terminated byte string referenced by msg is longer than 17 bytes, including the null terminator. The solution also uses a "magic number," which should be avoided (see DCL06-C. Use meaningful symbolic constants to represent literal values in program logic).

Compliant Solution

In this solution, the magic number is abstracted and the buffer overflow is eliminated.

...
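A sketch of the approach the Compliant Solution paragraph describes, as an added example and not the page's own listing (which is elided in this view). The 24-byte buffer, the "Error: " prefix, and the names `MAX_MSG_SIZE`, `format_error`, `max_msg_len` and `report_error` are assumptions, chosen so that 17 bytes remain for msg as the text states.

```c
#include <stdio.h>
#include <string.h>

/* Assumed sizes: a 24-byte buffer minus the 7-character prefix leaves
 * 17 bytes for msg, null terminator included. */
enum { MAX_MSG_SIZE = 24 };
static const char PREFIX[] = "Error: ";

/* Longest strlen(msg) that fits without truncation (16 with these sizes). */
size_t max_msg_len(void) {
  return MAX_MSG_SIZE - sizeof PREFIX; /* sizeof counts the prefix's '\0' */
}

/* Bounded replacement for sprintf(buffer, "Error: %s", msg).
 * Returns 0 if the message fit, 1 if it was truncated, -1 on bad input
 * or an encoding error. out is null-terminated whenever out_size > 0. */
int format_error(char *out, size_t out_size, const char *msg) {
  if (out == NULL || out_size == 0) {
    return -1;
  }
  out[0] = '\0';
  if (msg == NULL) {
    return -1;
  }
  int n = snprintf(out, out_size, "%s%s", PREFIX, msg);
  if (n < 0) {
    return -1;
  }
  /* snprintf returns the length it wanted to write; >= size means cut. */
  return ((size_t)n >= out_size) ? 1 : 0;
}

int report_error(const char *msg) {
  char buffer[MAX_MSG_SIZE];
  int rc = format_error(buffer, sizeof buffer, msg);
  if (rc >= 0) {
    printf("%s%s\n", buffer, rc == 1 ? " [truncated]" : "");
  }
  return rc;
}

int main(void) {
  report_error("disk full");          /* fits */
  report_error("0123456789abcdef");   /* 17 bytes with '\0': exactly fits */
  report_error("0123456789abcdefg");  /* 18 bytes: truncated, no overflow */
  return 0;
}
```

Checking the return value matters because a silently truncated log message can hide the part of the input an analyst needs.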