[15544] in bugtraq
Re: WuFTPD: Providing *remote* root since at least1994
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Thu Jun 29 02:17:49 2000
Message-Id: <200006282246.e5SMkFv00731@cvs.openbsd.org>
Date: Wed, 28 Jun 2000 16:46:15 -0600
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: hno@HEM.PASSAGEN.SE
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 28 Jun 2000 08:51:58 +0200."
<3959A08E.578ED38F@hem.passagen.se>
> Unless it at the same time returns an error, which I presume most do
> when they have to truncate the result. In case of error it can and
> should be expected that the result is a bit undefined..
>
> I have so far seen four alternatives:
>
> a) Returns -1 and raw truncate without \0
>
> b) Returns -1 and truncate with a \0
>
> c) Returns the total needed amount of characters and truncate with a \0
>
> d) snprintf not existing at all
>
> So you should be safe if you properly handle the error status of
> snprintf and act upon it either by growing the buffer as needed or
> making sure that the result is \0 terminated, or if you include your own
> version unless the target system is detected to be of type (b) or (c).
Can you please list the vendors who have the incorrect behaviours you
described in (a) and (b) so that we can properly bitch at them?
