[4970] in bugtraq

Re: better snprintf replacement, anyone?

daemon@ATHENA.MIT.EDU (Manoj Kasichainula)
Tue Jul 22 10:11:02 1997

Date: 	Mon, 21 Jul 1997 23:44:03 -0500
Reply-To: Manoj Kasichainula <manojk@IO.COM>
From: Manoj Kasichainula <manojk@IO.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.95.970721075858.1464C-100000@adams.patriot.net>; from
              Steve "Stevers!" Coile on Mon, Jul 21, 1997 at 08:05:34AM -0400

On Mon, Jul 21, 1997 at 08:05:34AM -0400, Steve "Stevers!" Coile wrote:
> It's still not clear to me why people only suggest snprintf().
> I would imagine that there are only a few cases where a program couldn't
> pre-determine the length of a string that would be generated by sprintf()
> and malloc() enough memory to contain it all.

Well, you don't necessarily want to malloc all the space you might
need. Otherwise, you might end up being vulnerable to DoS attacks
through users filling up your memory, like the (disputed) qmail DoS
attacks posted to this list.

--
Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/
"I am J. D. Falk, Sysadmin. I own a web-server and a LART." -- Jeff Mercer
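
The trade-off discussed in this message, as an added example that is not part of the original post: a fixed buffer with truncation detection next to a measure-then-malloc formatter that refuses attacker-sized output instead of allocating for it. The names `MAX_MSG`, `format_fixed` and `format_capped` are hypothetical, and the code assumes the C99 `vsnprintf` return value (the length that would have been written), which was standardized after this thread.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MSG 256 /* assumed policy cap on one formatted string */

/* Bounded formatting into a caller-supplied buffer.
 * Returns 0 if everything fit, 1 if the output was truncated, -1 on error. */
int format_fixed(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return (size_t)n >= dstsz ? 1 : 0;
}

/* Measure first, then allocate exactly what is needed, but never more
 * than MAX_MSG bytes. Returns NULL when the input would exceed the cap,
 * so user-controlled data cannot drive the allocation size. */
char *format_capped(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(NULL, 0, fmt, ap); /* size query only */
    va_end(ap);
    if (need < 0 || (size_t)need >= MAX_MSG)
        return NULL;
    char *buf = malloc((size_t)need + 1);
    if (buf == NULL)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)need + 1, fmt, ap);
    va_end(ap);
    return buf;
}

int main(void)
{
    char small[8];
    const char *input = "0123456789"; /* constructed sample input */
    int rc = format_fixed(small, sizeof small, "%s", input);
    printf("fixed: rc=%d len=%zu\n", rc, strlen(small));
    char *p = format_capped("user=%s", "bob");
    printf("capped: %s\n", p ? p : "(refused)");
    free(p);
    return 0;
}
```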