Line 36: | Line 36: | ||
* Use C-string functions with fixed write buffers whenever possible to avoid buffer overflows. | * Use C-string functions with fixed write buffers whenever possible to avoid buffer overflows. | ||
* Perform range/bounds checks on all data received from remote that could cause problems, especially those that specify an amount of data to be handled. | |||
For example, use snprintf() instead of sprintf() and strncpy() instead of strcpy(). | For example, use snprintf() instead of sprintf() and strncpy() instead of strcpy(). |
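Review bot: the range/bounds-check bullet appears on only one side of this diff, and it sits between the fixed-write-buffer bullet and the "For example, use snprintf() ..." sentence that illustrates that bullet. If this revision adds the bullet, move it below the example sentence so the example still follows the item it belongs to. If this revision removes it, these lines no longer say anything about validating remote-supplied values "that specify an amount of data to be handled", which fixed write buffers alone do not cover, so keep it. Separately, the example sentence recommends strncpy() in place of strcpy() without noting that strncpy() leaves the destination unterminated when the source fills the buffer; a short note there about terminating the buffer explicitly would make the advice safe to follow.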