Subject: Re: ssh buffer overflow / package?
To: Andrew Brown <>
From: Todd C. Miller <>
List: tech-security
Date: 11/02/1998 13:58:53
In message <>
	so spake Andrew Brown (twofsonet):

> on a personal note, i'm more concerned about the actual length of the
> string than the length it might have been had my buffer been bigger.

Then you cannot detect truncation.  The reason for returning the
size of the string if there was infinite space is to allow well-written
code to detect when there was not enough space and do something
about it.  Of course, since the return value can also be -1, you
should never use the return value of snprintf without checking first.

 - todd
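
The check described in the reply above, as an added example that is not part of the original message. It assumes C99 `snprintf`/`vsnprintf` semantics (the return value is the length the full string would have had, or negative on error); `fmt_fixed`, `build_path` and the 16-byte buffer are hypothetical names and sizes chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/* Format into buf and classify the return value before anyone uses it.
 * *needed receives the untruncated length (excluding the NUL). */
static enum fmt_status
fmt_fixed(char *buf, size_t size, size_t *needed, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return FMT_ERROR;          /* never treat -1 as a length */
    if (needed != NULL)
        *needed = (size_t)n;
    return ((size_t)n >= size) ? FMT_TRUNCATED : FMT_OK;
}

/* Try a small stack buffer first; on truncation, allocate exactly what
 * the first call reported and format again. Caller frees the result. */
static char *
build_path(const char *dir, const char *file)
{
    char small[16];                /* deliberately small (hypothetical) */
    size_t needed = 0;
    char *out;
    enum fmt_status st = fmt_fixed(small, sizeof(small), &needed,
                                   "%s/%s", dir, file);
    if (st == FMT_ERROR || (out = malloc(needed + 1)) == NULL)
        return NULL;
    if (st == FMT_OK) {
        memcpy(out, small, needed + 1);
    } else if (fmt_fixed(out, needed + 1, NULL, "%s/%s", dir, file) != FMT_OK) {
        free(out);
        out = NULL;
    }
    return out;
}

int main(void)
{
    char *p = build_path("/usr/local/share", "ssh_config"); /* constructed input */
    if (p == NULL)
        return 1;
    puts(p);
    free(p);
    return 0;
}
```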