[148959] in cryptography@c2.net mail archive


Re: [Cryptography] defaults, black boxes, APIs,

daemon@ATHENA.MIT.EDU (Jerry Leichter)
Tue Jan 7 13:11:12 2014

X-Original-To: cryptography@metzdowd.com
From: Jerry Leichter <leichter@lrw.com>
In-Reply-To: <alpine.BSO.2.03.1401061235330.23755@astro.indiana.edu>
Date: Tue, 7 Jan 2014 07:09:18 -0500
To: Jonathan Thornburg <jthorn@astro.indiana.edu>
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Jan 6, 2014, at 4:01 PM, Jonathan Thornburg wrote:
> Indeed, how many binaries on *your* laptop still use gets() and sprintf()?
gets() is a total loss.

sprintf() can actually be used safely - but it's much, much harder than people realize.  I used sprintf() to implement a collection of C++ functions to format the built-in types.  All the power of sprintf() was there, but in a controlled, type-safe fashion - e.g., length and precision were passed as integer arguments, and were range-checked.

An interesting question to ask in this context:  In the call sprintf(buf, "%f", x) - how large does buf have to be to guarantee there is no buffer overflow?  (I no longer remember the exact number, but it's something like 350!  Almost all the digits printed are noise, of course, but printf doesn't care.  Obvious once you think it through - but people rarely do.)

Nevertheless, since snprintf() is universally available these days (it wasn't when I wrote that C++ code) there's no excuse for sprintf().

                                                        -- Jerry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
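
Added example (not part of the original message): C code that measures the buffer size the "%f" question above asks about and shows the bounded snprintf() form, assuming IEEE-754 doubles and a C99 snprintf(). The function names are hypothetical.

```c
#include <float.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes needed (including the terminating NUL) to hold "%f" of x,
 * measured by asking snprintf() to format into a zero-length buffer. */
size_t f_bytes_needed(double x)
{
    int n = snprintf(NULL, 0, "%f", x);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Worst case over all finite doubles: the most negative value has the
 * longest integer part plus a sign character. */
size_t f_worst_case(void)
{
    return f_bytes_needed(-DBL_MAX);
}

/* Bounded formatting. Returns 0 on success, -1 if the output did not
 * fit; buf then holds a truncated but NUL-terminated string. */
int format_f(char *buf, size_t size, double x)
{
    int n = snprintf(buf, size, "%f", x);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

int main(void)
{
    char small[32];   /* a size that looks generous for "a float" */

    printf("1.5      needs %zu bytes\n", f_bytes_needed(1.5));
    printf("-DBL_MAX needs %zu bytes\n", f_worst_case());

    /* sprintf() here would write far past the end of small[];
     * snprintf() truncates and reports the problem instead. */
    if (format_f(small, sizeof small, -DBL_MAX) != 0)
        printf("32-byte buffer: truncated to \"%s\"\n", small);
    return 0;
}
```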
