Re: CVS commit: syssrc

To: Assar Westerlund <assar%sics.se@localhost>
Subject: Re: CVS commit: syssrc
From: Allen Briggs <briggs%ninthwonder.com@localhost>
Date: Sun, 5 Dec 1999 10:53:38 -0500

> > Make sure we have a big enough buffer to sprintf into (noticed by
> > deraadt%openbsd.org@localhost).
> Why not use snprintf instead?

In many cases, just substituting snprintf() for sprintf() will fix
an overflow, but leave the code just as broken (but not exploitably
so, perhaps).  Of course, I'd rather have the overflows fixed than
not, but I'd much rather have code that was designed to prevent or
at least handle the overflows in the first place.

Well-written software should rarely need snprintf() to protect itself.

-allen

Follow-Ups:
- Re: CVS commit: syssrc
  - From: Matthew Jacob

Prev by Date: CVS commit: syssrc
Next by Date: CVS commit: basesrc
Previous by Thread: CVS commit: syssrc
Next by Thread: Re: CVS commit: syssrc
Indexes:

Home | Main Index | Thread Index | Old Index