Subject: Re: WuFTPD: Providing *remote* root since at least1994
From: der Mouse (mouse RODENTS.MONTREAL.QC.CA)
Date: Sun Jun 25 2000 - 10:15:19 CDT
- Next message: Alfred Huger: "Netscape ftp Server (fwd)"
- Previous message: Peter Grundl: "Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility"
- Maybe in reply to: tf8: "WuFTPD: Providing *remote* root since at least1994"
- Next in thread: Mikael Olsson: "Re: WuFTPD: Providing *remote* root since at least1994"
- Next in thread: der Mouse: "Re: WuFTPD: Providing *remote* root since at least1994"
- Maybe reply: der Mouse: "Re: WuFTPD: Providing *remote* root since at least1994"
- Reply: Mikael Olsson: "Re: WuFTPD: Providing *remote* root since at least1994"
- Reply: Carson Gaspar: "Re: WuFTPD: Providing *remote* root since at least1994"
>> - sprintf(buf, "index %s", (char *) $6);
>> + snprintf(buf, MAXPATHLEN, "index %s", (char *) $6);
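Review bot: the bound on the `+` line is the constant MAXPATHLEN rather than the size of `buf`, and the hunk does not show how `buf` is declared, so the call is only safe if `buf` really holds at least MAXPATHLEN bytes. If `buf` is an array in scope, `snprintf(buf, sizeof(buf), "index %s", (char *) $6);` ties the limit to the destination itself. The return value is also discarded, so an over-long `$6` would be cut silently; compare the result against the size and reject the command when it is greater than or equal.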
> And it is not needed, since there is a 512 char limit on network
> input and MAXPATHLEN is generally about 2K
"generally"? Can you be certain it always is? Otherwise, you need the
check...and it may be a good idea to check anyway.
> Not to mention that could still be overflowable. snprintf() doesn't
> null terminate.
Then IMO it's broken - what's your reference for thinking it doesn't?
The only snprintf manpage I have at hand (NetBSD's) says
    snprintf() and vsnprintf() will write at most size-1 of the characters
    printed into the output string (the size'th character then gets the
    terminating `\0'); if the return value is greater than or equal to the
    size argument, the string was too short and some of the printed
    characters were discarded.
der Mouse
mouse
rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
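Added example, not part of the original message and not wu-ftpd code: the snprintf() behaviour described in the manpage text quoted above, assuming a C99-conforming implementation that behaves as that text says. The names build_index_cmd and snprintf_terminates are hypothetical; the first formats "index %s" into a bounded buffer and uses the return value to reject truncation.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not wu-ftpd code: format "index <arg>" into dst.
 * Returns 0 on success, -1 if the result did not fit or snprintf failed. */
int build_index_cmd(char *dst, size_t dstsize, const char *arg)
{
    int n;

    if (dst == NULL || dstsize == 0 || arg == NULL)
        return -1;
    n = snprintf(dst, dstsize, "index %s", arg);
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';      /* never hand a truncated command onward */
        return -1;
    }
    return 0;
}

/* Checks the quoted manpage semantics on a constructed input.
 * Returns 1 if snprintf wrote size-1 characters, terminated the string,
 * left the rest of the buffer alone and returned the untruncated length. */
int snprintf_terminates(void)
{
    char buf[16];
    int n;

    memset(buf, 'X', sizeof(buf));                    /* sentinel fill */
    n = snprintf(buf, 8, "index %s", "abcdefghij");   /* needs 16 + NUL */
    return n == 16 && buf[7] == '\0' && buf[8] == 'X'
        && strcmp(buf, "index a") == 0;
}

int main(void)
{
    char cmd[8];

    printf("terminates: %d\n", snprintf_terminates());
    printf("fits: %d\n", build_index_cmd(cmd, sizeof(cmd), "a"));
    printf("too long: %d\n", build_index_cmd(cmd, sizeof(cmd), "abcdefghij"));
    return 0;
}
```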