Of course, if there is code allowing buffer overflow, then it should be
corrected (or is it done already in 3.5?). I took a quick look into
optin.c and it seems that there are indeed some strcpy calls without
bounds checks and some strncpy calls without writing a terminator to the
copied string (AFAIK strncpy does not put '\0' at the end of the copy if
the source string length is equal to or greater than the given value).
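The strncpy behaviour mentioned in the message above, shown next to a copy that always terminates. This is an added example, not part of the original message and not code from optin.c; the function names and the 8-byte buffer are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..size-1] contains a '\0', otherwise 0. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The pitfall: strncpy(dst, src, n) writes exactly n bytes. If src has
 * n or more characters, none of those bytes is a '\0'.
 * Returns 1 if the 8-byte destination ended up terminated, else 0. */
int strncpy_leaves_terminator(const char *src)
{
    char dst[8];                       /* hypothetical fixed-size buffer */
    memset(dst, 'X', sizeof dst);      /* stale contents, no '\0' anywhere */
    strncpy(dst, src, sizeof dst);
    return is_terminated(dst, sizeof dst);
}

/* Bounded copy that always terminates dst (hypothetical helper).
 * Returns 0 if src fit, -1 if it was truncated or an argument was bad,
 * so the caller can reject over-long input instead of using a cut string. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1); /* keep what fits */
        dst[dstsize - 1] = '\0';       /* terminator is always written */
        return -1;
    }
    memcpy(dst, src, len + 1);         /* len + 1 copies the '\0' too */
    return 0;
}

int main(void)
{
    char buf[8];
    /* Constructed sample inputs: 5, 8 and 12 characters long. */
    printf("short:    terminated=%d\n", strncpy_leaves_terminator("short"));
    printf("exact:    terminated=%d\n", strncpy_leaves_terminator("12345678"));
    printf("overlong: terminated=%d\n", strncpy_leaves_terminator("123456789abc"));
    printf("copy_bounded rc=%d\n", copy_bounded(buf, sizeof buf, "123456789abc"));
    printf("copy_bounded result=\"%s\"\n", buf);
    return 0;
}
```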