[148953] in cryptography@c2.net mail archive
Re: [Cryptography] defaults, black boxes, APIs,
daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon Jan 6 20:36:37 2014
X-Original-To: cryptography@metzdowd.com
Date: Mon, 6 Jan 2014 17:08:08 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <alpine.BSO.2.03.1401061235330.23755@astro.indiana.edu>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 1/6/14 at 1:01 PM, jthorn@astro.indiana.edu (Jonathan
Thornburg) wrote:
>Indeed, how many binaries on *your* laptop still use gets() and sprintf()?
Well, it is barely possible to use sprintf() securely, although
it is hard and very error prone. I would prefer to be counting
hollerith fields in Fortran II format statements. (At least with
format statements you are likely to find out quickly that you
miscounted.) There is no hope for gets().
-----------------------------------------------------------------------
Bill Frantz | gets() remains as a monument | Periwinkle
(408)356-8506 | to C's continuing support of | 16345
Englewood Ave
www.pwpconsult.com | buffer overruns. | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
