[7077] in bugtraq
Re: QPOPPER problem.... ONE crude patch...
daemon@ATHENA.MIT.EDU (Miquel van Smoorenburg)
Sun Jun 28 05:30:51 1998
Date: Sun, 28 Jun 1998 00:18:22 +0200
Reply-To: Miquel van Smoorenburg <miquels@CISTRON.NL>
From: Miquel van Smoorenburg <miquels@CISTRON.NL>
To: BUGTRAQ@NETSPACE.ORG
In article <Pine.LNX.3.96.980627181545.1549A-100000@hobbe.tripnet.se>,
Daniel Ryde <ryde@TRIPNET.SE> wrote:
>On Sat, 27 Jun 1998, Tom Brown wrote:
>
>> vsnprintf(mp,sizeof(message)-(mp - message)-3,format,ap);
>
>Dangerous, if the string is truncated it will skip the null termination,
>then later the strcat might fail miserably (unless all architectures make
>for sure that, when allocated, the string is filled with null, which I
>really doubt).
Unlike strncat, snprintf is supposed to add a trailing zero. If it
doesn't then your library implementation is wrong and you probably have
more things to worry about ..
>Another note is the next lines of sprintf (architectures
>that don't have vsprintf) that will have the same problem as vsprintf.
>Change these to snprintf in a similar way, and add a null to the end.
I'll post a revised patch in a minute. For architectures without
vsnprintf() it just makes the buffer 4 times bigger, that's sufficient
(that's not a guess but a fact).
Mike.
--
Miquel van Smoorenburg | Our vision is to speed up time,
miquels@cistron.nl | eventually eliminating it.
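
Added example, not part of the original message or of the qpopper source: a bounded formatter in C covering the two points argued above, truncation by vsnprintf and NUL termination before the trailing "\r\n" is appended. The name format_reply, the MSG_SIZE value and the reply strings are assumptions made for illustration; the return-value check assumes C99 vsnprintf semantics and also accepts the -1 that some older libraries return.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_SIZE 32  /* constructed size, small so truncation is easy to see */

/* Hypothetical helper: builds "<prefix> <text>\r\n" in message[size].
 * Returns 0 if the text fit, 1 if it was truncated, -1 on bad arguments. */
int format_reply(char *message, size_t size, const char *prefix,
                 const char *format, ...)
{
    va_list ap;
    char *mp = message;
    size_t room;
    int n;

    if (size < 4 || strlen(prefix) + 1 > size - 3)
        return -1;
    strcpy(mp, prefix);          /* safe: length checked just above */
    mp += strlen(mp);
    *mp++ = ' ';
    *mp = '\0';

    /* Reserve 2 bytes for "\r\n"; room still includes the text's NUL. */
    room = size - (size_t)(mp - message) - 2;

    va_start(ap, format);
    n = vsnprintf(mp, room, format, ap);
    va_end(ap);

    /* Terminate explicitly so the append below never depends on the libc. */
    mp[room - 1] = '\0';
    mp += strlen(mp);
    memcpy(mp, "\r\n", 3);       /* 2 reserved bytes plus the final NUL */

    /* C99 returns the length needed; some older libcs return -1 instead. */
    return (n < 0 || (size_t)n >= room) ? 1 : 0;
}

int main(void)
{
    char message[MSG_SIZE];
    int t = format_reply(message, sizeof message, "-ERR", "%s",
                         "constructed input that is far too long to fit");
    printf("truncated=%d len=%lu\n", t, (unsigned long)strlen(message));
    return 0;
}
```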