From: Joe McAlerney (joey@silicondefense.com)
Date: Fri Jul 07 2000 - 16:40:52 EDT
Hello Daniel,
I was wondering about the precautions taken to avoid such caterstrophic
things as buffer overflows and the like in libxml. Since libxml is
widely portable, I'm assuming that efforts have been made to avoid using
secure OS specific functions. I noticed in some places that you use
snprintf if it is available, and sprintf if it is not. Obviously you
have put thought into this issue as well, and have coded accordingly.
We want to use libxml in a project, and just wanted to get a sense of
how it may hold up against something like a rogue xml document being fed
into the parser. Unfortunately, I don't have enought experience to do a
full audit of the code. If you can provide any insite on this subject,
it would be most appreciated.
Thank you for your time,
Joe McAlerney
Silicon Defense, Inc.
---- Message from the list xml@xmlsoft.org Archived at : http://xmlsoft.org/messages/ to unsubscribe: echo "unsubscribe xml" | mail majordomo@xmlsoft.org
This archive was generated by hypermail 2b29 : Wed Aug 02 2000 - 12:30:22 EDT