Subject: Re: ARGSUSED and friends
To: David Brownlee <email@example.com>
From: Dan Winship <danw@MIT.EDU>
Date: 01/14/2000 12:25:56
> A missed error return check which caused some severe problems.
Urk... yeah, actually there was a really nasty bug in the first
release of Kerberos telnet... the data being passed to one of the DES
library routines was (usually) invalid, and telnet wasn't checking the
return value. So the key schedule was left uninitialized and the code
ended up "encrypting" the data with a key of all zeros 99% of the
It would be nice though if lint knew that Bad Things can't happen if
you "forget" to check the return value of a printf or strcat, etc.