[4894] in bugtraq
libdb snprintf under Digital Unix
daemon@ATHENA.MIT.EDU (David Krinsky)
Fri Jul 11 05:11:34 1997
Date: Thu, 10 Jul 1997 14:34:50 -0400
Reply-To: David Krinsky <krinsky@HCS.HARVARD.EDU>
From: David Krinsky <krinsky@HCS.HARVARD.EDU>
To: BUGTRAQ@NETSPACE.ORG
Digital Unix 4.0x's libdb also appears to contain a useless wrapper for
sprintf going by the name of snprintf. A quick test shows that it drops
the length field completely and just does a regular sprintf.
As there is no snprintf in libc as yet, there has been some talk on
alpha-osf-managers@ornl.gov, if not here, about linking in this snprintf to
fix potential buffer overruns.
This would appear to be a futile endeavor.
Dave.
