|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: WuFTPD: Providing *remote* root since at least1994
From: Henrik Nordstrom (hno
HEM.PASSAGEN.SE)Date: Wed Jun 28 2000 - 01:51:58 CDT
- Next message: Philip Stoev: "Re: Force Feeding"
- Previous message: Matthew Kirkwood: "Re: Linux capability bounding set weakness"
- In reply to: der Mouse: "Re: WuFTPD: Providing *remote* root since at least1994"
- Next in thread: Theo de Raadt: "Re: WuFTPD: Providing *remote* root since at least1994"
- Next in thread: Bernd Luevelsmeyer: "Re: WuFTPD: Providing *remote* root since at least1994"
- Next in thread: Lars Mathiesen: "Re: WuFTPD: Providing *remote* root since at least1994"
- Reply: Henrik Nordstrom: "Re: WuFTPD: Providing *remote* root since at least1994"
- Reply: Theo de Raadt: "Re: WuFTPD: Providing *remote* root since at least1994"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
der Mouse wrote:
> And - IMO, of course - an snprintf that doesn't NUL-terminate is past
> that point.
Unless it at the same time returns an error, which I presume most do
when they have to truncate the result. In case of error it can and
should be expected that the result is a bit undefined..
I have so far seen four alternatives:
a) Returns -1 and raw truncate without \0
b) Returns -1 and truncate with a \0
c) Returns the total needed amount of characters and truncate with a \0
d) snprintf not existing at all
So you should be safe if you properly handle the error status of
snprintf and act upon it either by growing the buffer as needed or
making sure that the result is \0 terminated, or if you include your own
version unless the target system is detected to be of type (b) or (c).
-- Henrik Nordstrom
- Next message: Philip Stoev: "Re: Force Feeding"
- Previous message: Matthew Kirkwood: "Re: Linux capability bounding set weakness"
- In reply to: der Mouse: "Re: WuFTPD: Providing *remote* root since at least1994"
- Next in thread: Theo de Raadt: "Re: WuFTPD: Providing *remote* root since at least1994"
- Next in thread: Bernd Luevelsmeyer: "Re: WuFTPD: Providing *remote* root since at least1994"
- Next in thread: Lars Mathiesen: "Re: WuFTPD: Providing *remote* root since at least1994"
- Reply: Henrik Nordstrom: "Re: WuFTPD: Providing *remote* root since at least1994"
- Reply: Theo de Raadt: "Re: WuFTPD: Providing *remote* root since at least1994"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]