[15527] in bugtraq
Re: WuFTPD: Providing *remote* root since at least 1994
daemon@ATHENA.MIT.EDU (Carson Gaspar)
Wed Jun 28 17:40:29 2000
Message-ID: <14681.7473.840027.523709@taltos.tla.org>
Date: Tue, 27 Jun 2000 17:31:29 -0400
Reply-To: carson@tla.org
From: Carson Gaspar <carson@tla.org>
X-To: der Mouse <mouse@RODENTS.MONTREAL.QC.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200006251515.LAA06687@Twig.Rodents.Montreal.QC.CA>

>>>>> "Mouse" == der Mouse <mouse@RODENTS.MONTREAL.QC.CA> writes:

>> Not to mention that could still be overflowable. snprintf() doesn't
>> null terminate.

Mouse> Then IMO it's broken - what's your reference for thinking it doesn't?
Mouse> The only snprintf manpage I have at hand (NetBSD's) says

The behaviour of snprintf() has _changed_. The evil forces of POSIX (as
opposed to the benign forces of POSIX) changed the semantics without
changing the function name. They never learn...

So, if you use snprintf() in portable code, you must either:

- Check to see if it null-terminates
- Check to see what value it returns (number of bytes copied? number of
  bytes it _would_ have copied, if bufflen was infinite? -1 (what's errno)? 0?)
- Write some wrapper function that handles all possible combinations of the
  above behaviours

or:

- Use your own portable snprintf() replacement

Life just really sucks sometimes.

--
Carson Gaspar -- carson@tla.org
Queen Trapped in a Butch Body
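
One way to write the wrapper the message above calls for, as an added example (not code from the original post or from WU-FTPD). The name `safe_snprintf` and its 0/1 return convention are assumptions made here; it forces termination itself and treats every return convention listed in the message conservatively.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * safe_snprintf (hypothetical name): format into buf without relying on
 * the libc's snprintf() terminating the buffer or on what it returns.
 * Returns 0 if the output fit with room to spare, 1 if it was, or may
 * have been, truncated. buf is a valid C string whenever size > 0.
 */
int safe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)
        return 1;                 /* nothing can be stored safely */
    buf[0] = '\0';                /* defined contents if the call writes nothing */

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    buf[size - 1] = '\0';         /* terminate even if the libc did not */

    if (n < 0)                    /* "-1" convention, or a real error */
        return 1;
    if ((size_t)n >= size - 1)    /* "would have copied" or "copied" counts */
        return 1;
    if (strlen(buf) >= size - 1)  /* return value uninformative (e.g. 0) */
        return 1;
    return 0;
}

int main(void)
{
    char small[8];   /* constructed sample input below */
    int t = safe_snprintf(small, sizeof small, "%s", "a-very-long-name");
    printf("truncated=%d buf=\"%s\"\n", t, small);
    return 0;
}
```

Because a "bytes copied" return value cannot distinguish an exact fit from truncation, a buffer filled to its last usable byte is reported as truncated; size buffers one byte larger than the longest legitimate value.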