The text of SDES items is not null-terminated, and manipulating SDES items in languages that assume null-terminated strings requires care. This is a particular problem with C-based implementations, which must take care to ensure that they use length-checking string manipulation functions (for example, strncpy() rather than strcpy()). Careless implementations may be vulnerable to buffer overflow attacks. The text of SDES items is entered by the user, and thus it cannot be trusted to have safe values. In particular, it may contain metacharacters that have undesirable side effects. For example, some user interface scripting languages allow command substitution to be triggered by metacharacters, potentially giving an attacker the means to execute arbitrary code. Implementations should not assume that packets are well formed. For example, it might be possible for an attacker to produce packets whose actual length does not correspond to the expected length. Again, there is a potential for buffer overflow attacks against careless implementations.
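The length checks described above, as an added example that is not part of the original text: a C routine that walks the type/length/text item list of an SDES chunk (layout per RFC 3550) and copies one item into a fixed-size, NUL-terminated buffer. The function name, return codes, control-octet replacement policy and sample bytes are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SDES_END   0
#define SDES_CNAME 1

/* Constructed sample data: item lists as they follow a chunk's 4-byte SSRC. */
static const uint8_t sample_ok[]  = {1, 5, 'a', '@', 'b', '.', 'c', 0, 0, 0};
static const uint8_t sample_bad[] = {1, 200, 'a', 'b'}; /* claims 200 octets */

/* Copy the first item of type `want` into `out` as a NUL-terminated string.
 * Returns the text length, -1 if the item is absent, -2 if the list is
 * malformed or the text does not fit in `out` (hypothetical return codes). */
int sdes_get_item(const uint8_t *items, size_t len, uint8_t want,
                  char *out, size_t outsz)
{
    size_t pos = 0;
    if (outsz == 0)
        return -2;
    out[0] = '\0';
    while (pos < len && items[pos] != SDES_END) {
        if (len - pos < 2)
            return -2;                  /* length octet missing */
        size_t ilen = items[pos + 1];
        if (ilen > len - pos - 2)
            return -2;                  /* declared length overruns the buffer */
        if (items[pos] == want) {
            if (ilen >= outsz)
                return -2;              /* no room for text plus terminator */
            memcpy(out, items + pos + 2, ilen);
            out[ilen] = '\0';           /* the wire format carries no terminator */
            for (size_t i = 0; i < ilen; i++)   /* replace control octets, incl. NUL */
                if ((unsigned char)out[i] < 0x20 || out[i] == 0x7f)
                    out[i] = '?';
            return (int)ilen;
        }
        pos += 2 + ilen;
    }
    return -1;
}

int main(void)
{
    char cname[64];
    int n = sdes_get_item(sample_ok, sizeof sample_ok, SDES_CNAME, cname, sizeof cname);
    printf("ok: %d \"%s\"\n", n, cname);
    n = sdes_get_item(sample_bad, sizeof sample_bad, SDES_CNAME, cname, sizeof cname);
    printf("bad: %d\n", n);
    return 0;
}
```

strncpy() does not write a terminator when the source fills the destination, which is why the example checks the bound and terminates explicitly. The returned string is still user-supplied text and needs separate escaping before it reaches a shell or a scripting interpreter.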