OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Re: Secure coding in C (was Re: Administrivi

Re: Secure coding in C (was Re: Administrivia #4883)

Subject: Re: Secure coding in C (was Re: Administrivia #4883)
From: Tellier, Brock (btellierUSA.NET)
Date: Thu Jan 20 2000 - 13:42:30 CST

In message <<A HREF="mailto:Pine.LNX.4.03.10001161207550.7428-100000brian.citynet.net">Pine.LNX.4.03.10001161207550.7428-100000brian.citynet.net</A>> Brian Masney writes:
: On some UNIX systems, snprintf does not guarentee that it will nul
: terminate the string. I know on some older versions of libc5 (sorry,
: don't have an exact version), if the buffer you was writing to got to the
: max size you passed it, it would stop there without adding the nul. So,
: you'll run into problems later on if you pass it to a string
: function (like strcpy())

>snprintf is *DEFINED* to NUL terminate the string. Systems >that don't
>do this are broken. That's why it is used as widely as it >is.

From the Solaris 7 snprintf man page:

The snprintf() function is identical to sprintf()
with the addition of the argument n, which specifies
the size of the buffer referred to by s. The buffer is terminated with the null byte only if space is available.
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^

Meaning that one shouldn't copy more than bufsize - 1 bytes or risk a bof later on.

Brock Tellier
UNIX Systems Administrator
Chicago, IL, USA
btellierusa.net

This archive was generated by hypermail 2b27 : Fri Jan 21 2000 - 01:41:15 CST