OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: WuFTPD: Providing *remote* root since at least1994
From: der Mouse (mouseRODENTS.MONTREAL.QC.CA)
Date: Mon Jun 26 2000 - 15:01:43 CDT

>>> snprintf() doesn't null terminate.
>> Then IMO it's broken [...]
> There was quite a bit of discussion about [this] [...]
> You need to do a mystring[sizeof(mystring)-1]='\0' after the call to
> be on the safe side.

As I remarked to someone else privately (that message wasn't sent to
bugtraq), there comes a point where you have to say "your system's
version of foo() is so broken I'm not going to try to work around its
bugs".

And - IMO, of course - an snprintf that doesn't NUL-terminate is past
that point.

> I also _think_ I remember posts saying that ANSI C doesn't require
> snprintf() to null terminate. (Don't quote me on that though)

Well, IIRC snprintf() isn't specified by ANSI C at all, which would
make this technically true but rather misleading.

Of course, it's been a while since I made any effort to bring my
knowledge of ANSI/ISO C up to current, so this could well have changed.

Regardless of what ANSI may say, though, I still consider it a serious
bug for snprintf() to fail to NUL-terminate, except when the size
parameter is zero.

                                        der Mouse

                               mouserodents.montreal.qc.ca
                     7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B