OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: WuFTPD: Providing *remote* root since at least1994
From: Carson Gaspar (carsonTLA.ORG)
Date: Tue Jun 27 2000 - 16:31:29 CDT

>>>>> "Mouse" == der Mouse <mouseRODENTS.MONTREAL.QC.CA> writes:

>> Not to mention that could still be overflowable. snprintf() doesn't
>> null terminate.

Mouse> Then IMO it's broken - what's your reference for thinking it doesn't?
Mouse> The only snprintf manpage I have at hand (NetBSD's) says

The behaviour of snprintf() has _changed_. The evil forces of POSIX (as
opposed to the benign forces of POSIX) changed the semantics without
changing the function name. They never learn...

So, if you use snprintf() in portable code, you must either:

- Check to see if it null-terminates
- Check to see what value it returns (number of bytes copied? number of
bytes it _would_ have copied, if bufflen was infinite? -1 (what's errno)? 0?)
- Write some wrapper function that handles all possible combinations of the
above behaviours

or:

- Use your own portable snprintf() replacement

Life just really sucks sometimes. 

--
Carson Gaspar -- carsontla.org
Queen Trapped in a Butch Body