Subject: Re: server bind failure 48: Address already in use
To: None <current-users@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: current-users
Date: 04/05/2003 20:47:04

Hi Thomas,

Caffeinate The World <mochaexpress@yahoo.com> wrote:
> --- Christian Biere <christianbiere@gmx.de> wrote:
> > Caffeinate The World <mochaexpress@yahoo.com> wrote:
> > 
> > > /* defensive programming  */

The following is *not* defensive.

> > >           sprintf(txt,"Chat server bind failure %d: %s\n",errno,
> > > sys_errlist[errno]);

Sorry, I didn't realize that you wrote the program yourself.

> I would benefit much from your experience if you could tell me what
> mistake I made.

sprintf() is a well-known source of buffer overflows. In your case,
truncation would hardly be a problem. Thus, you should either use
snprintf() or at least "%.100s" instead of "%s" (replace 100 with the
actual buffer size). In the latter case you have to carefully keep track
of the buffer size, or use a cpp definition together with the
stringify feature. You should not try to build the format string at
runtime.

This one might be of interest for you (ignore the L-word):
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html

-- 
Christian
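
The two alternatives suggested in this reply, as an added example that is not part of the original message: snprintf() with a truncation check, and sprintf() with a precision taken from a cpp definition via stringification, so the format string is fixed at compile time. The names ERRTXT_MAX, TXT_SIZE and fmt_bind_error_*() are assumptions, and strerror() is used here in place of sys_errlist[].

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define ERRTXT_MAX 100              /* max chars copied from the error text */
#define STR_(x) #x
#define STR(x)  STR_(x)             /* STR(ERRTXT_MAX) expands to "100" */

#define PREFIX "Chat server bind failure "
/* prefix + up to 11 chars for %d + ": " + error text + "\n" + NUL */
#define TXT_SIZE (sizeof(PREFIX) - 1 + 11 + 2 + ERRTXT_MAX + 1 + 1)

/* Variant 1: snprintf() bounds the whole output by the buffer size.
 * Returns 0 on success, 1 if the message was truncated, -1 on error. */
int fmt_bind_error_snprintf(char *txt, size_t size, int err, const char *errtxt)
{
    int n = snprintf(txt, size, PREFIX "%d: %s\n", err, errtxt);
    if (n < 0)
        return -1;
    return (size_t)n >= size ? 1 : 0;
}

/* Variant 2: sprintf() with a precision on %s. The limit comes from the
 * same cpp definition that sizes the buffer, so the two cannot drift
 * apart. txt must point to at least TXT_SIZE bytes.
 * Returns the number of characters written (excluding the NUL). */
int fmt_bind_error_precision(char *txt, int err, const char *errtxt)
{
    return sprintf(txt, PREFIX "%d: %." STR(ERRTXT_MAX) "s\n", err, errtxt);
}

int main(void)
{
    char txt[TXT_SIZE];
    char tiny[16];                  /* deliberately too small */
    int err = EADDRINUSE;           /* the bind() failure from the thread */

    if (fmt_bind_error_snprintf(txt, sizeof txt, err, strerror(err)) == 0)
        fputs(txt, stdout);
    if (fmt_bind_error_snprintf(tiny, sizeof tiny, err, strerror(err)) == 1)
        printf("truncated to \"%s\", no overflow\n", tiny);
    fmt_bind_error_precision(txt, err, strerror(err));
    fputs(txt, stdout);
    return 0;
}
```

The precision only limits the "%s" argument, which is why TXT_SIZE also reserves room for the fixed prefix, the number and the terminator.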
