[4886] in bugtraq
Re: [linux-security] so-called snprintf() in db-1.85.4 (fwd)
daemon@ATHENA.MIT.EDU (Joe Zbiciak)
Thu Jul 10 06:24:48 1997
Date: Thu, 10 Jul 1997 04:46:09 -0500
Reply-To: Joe Zbiciak <jzbiciak@DALDD.SC.TI.COM>
From: Joe Zbiciak <jzbiciak@DALDD.SC.TI.COM>
X-To: aleph1@DFW.NET
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.970709043855.21444A-100000@dfw.dfw.net> from
"Aleph One" at Jul 9, 97 04:39:06 am
'Aleph One' said previously:
|
| Hi,
|
| There is a severe problem with the db-1.85.4 library's Linux
| port that can be found on sunsite.unc.edu under
| /pub/Linux/libs/db-1.85.4-src.tar.gz (sp?): This library
| contains a "snprintf" function which breaks down to a common
| sprintf, ignoring the size parameter. [...]
The old Linux libbsd (whose source is included in a subdirectory
of the libc source) had such an snprintf as well. I would imagine
anybody linking against an old libbsd would have this same
problem.
To quote the source file:
/* snprintf.c - emulate BSD snprintf with sprintf - rick sladkey */
#include <stdio.h>
#include <stdarg.h>
int snprintf(char *s, int len, char *format, ...)
{
You are trying to do something very wrong.
Don't use this source if you want to stay alive!
va_list args;
int result;
va_start(args, format);
result = vsprintf(s, format, args);
va_end(args);
return result;
}
Somebody obviously had enough of a sense of humor to place the
(non-comment-enclosed) statement in this version. Apparently, once
upon a time that was an active part of the library. (*shudder*)
Regards,
--Joe
--
+--------------Joseph Zbiciak--------------+
|- - - - jzbiciak@daldd.sc.ti.com - - - - -|
| - - http://www.primenet.com/~im14u2c - - | Not your average "Joe."
|- - - - Texas Instruments, Dallas - - - -|
+-------#include <std_disclaimer.h>--------+
