Subject: Re: server bind failure 48: Address already in use
To: None <mochaexpress@yahoo.com>
From: Ben Harris <bjh21@netbsd.org>
List: current-users
Date: 04/05/2003 20:13:33

In article <20030405181521.48962.qmail@web13903.mail.yahoo.com> you write:
>
>--- Christian Biere <christianbiere@gmx.de> wrote:
>> Caffeinate The World <mochaexpress@yahoo.com> wrote:
>> 
>> > /* defensive programming  */
>> >           sprintf(txt,"Chat server bind failure %d: %s\n",errno,
>> > sys_errlist[errno]);
>> 
>> Some people will never understand...
>
>Hi Christian,
>
>I'm a clueless new programmer. I would benefit much from your
>experience if you could tell me what mistake I made. "Some people will
>never understand" left me at square one, still clueless and staring at
>the screen.

You're using sprintf with %s, for a start, and passing a string whose length
you don't know (since sys_errlist is provided by the system), so that's a
buffer overrun waiting to happen.  You then pass the buffer to a function
whose name suggests that it's printf-like, but you pass it as what is
presumably a format string, so any % characters in sys_errlist[errno] will
cause havoc.  Of course, the best bit is that you then call this "defensive
programming".

At the very least, you should be using snprintf(), and probably strerror()
as well.  If util_printf() really is printf-like, you should be using it
directly and not messing around with an intermediate buffer at all.

If you do this kind of thing with strings from the client, expect to find
yourself on BugTraq.

Come to think of it, consider writing in a language other than C.  For all
its advantages, C's really not good at safe string handling.

-- 
Ben Harris                                                   <bjh21@netbsd.org>
Portmaster, NetBSD/acorn26           <URL:http://www.netbsd.org/Ports/acorn26/>
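
The fixes suggested in the reply above, as an added example that is not part of the original message or thread. `log_printf` is a hypothetical stand-in for `util_printf()`, whose real signature the thread does not show, and the input passed to `log_text` is constructed.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-like logger such as the util_printf()
 * named in the reply; it captures output in last_log so it can be inspected. */
static char last_log[128];

static int log_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_log, sizeof last_log, fmt, ap); /* bounded write */
    va_end(ap);
    return n; /* length the message needed; >= sizeof last_log means cut short */
}

/* Criticised pattern: sprintf() into txt with no bound, then txt used as a format. */

/* Fix 1: call the printf-like function directly, no intermediate buffer. */
static int report_bind_failure(int err)
{
    return log_printf("Chat server bind failure %d: %s\n", err, strerror(err));
}

/* Fix 2: if a buffer is needed, bound the write and report truncation. */
static int format_bind_failure(char *buf, size_t len, int err)
{
    int n = snprintf(buf, len, "Chat server bind failure %d: %s\n", err, strerror(err));
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

/* Fix 3: text that is data (e.g. from a client) is passed through "%s". */
static int log_text(const char *untrusted)
{
    return log_printf("%s", untrusted);
}

int main(void)
{
    char txt[80];
    report_bind_failure(EADDRINUSE);
    fputs(last_log, stdout);
    if (format_bind_failure(txt, sizeof txt, EADDRINUSE) > 0) fputs(txt, stdout);
    log_text("100%s%n done\n"); /* constructed input containing conversions */
    fputs(last_log, stdout);
    return 0;
}
```

With a destination too small for the message, `format_bind_failure` returns -1 and leaves a truncated, NUL-terminated string instead of writing past the end of the buffer.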