[15557] in bugtraq
Re: WuFTPD: Providing *remote* root since at least1994
daemon@ATHENA.MIT.EDU (Kenn Humborg)
Thu Jun 29 14:59:05 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NBBBIGEGHIGMPCNKHCECIEDADLAA.kenn@bluetree.ie>
Date: Thu, 29 Jun 2000 13:00:05 +0100
Reply-To: Kenn Humborg <kenn@BLUETREE.IE>
From: Kenn Humborg <kenn@BLUETREE.IE>
X-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200006282246.e5SMkFv00731@cvs.openbsd.org>
> > Unless it at the same time returns an error, which I presume most do
> > when they have to truncate the result. In case of error it can and
> > should be expected that the result is a bit undefined..
> >
> > I have so far seen four alternatives:
> >
> > a) Returns -1 and raw truncate without \0
> >
> > b) Returns -1 and truncate with a \0
[...]
> Can you please list the vendors who have the incorrect behaviours you
> described in (a) and (b) so that we can properly bitch at them?
Microsoft Visual C 5.0 sp3 does (a).
In fairness, their function is _snprintf rather than snprintf
so doesn't strictly need to follow a spec.
Kenn
