[2183] in bugtraq
snprintf()
daemon@ATHENA.MIT.EDU (Mark A. Fullmer)
Thu Aug 31 18:55:51 1995
Date: Tue, 29 Aug 1995 23:28:09 -0400
Reply-To: maf@net.ohio-state.edu
From: "Mark A. Fullmer" <maf@net.ohio-state.edu>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
I poked around at the various snprintf()'s again today..
Both the db and nvi source have compat routines that don't actually
do the bounds checking:
nvi.1.34/PORT/clib/snprintf.c, db.1.85/PORT/clib
...
#ifdef VSPRINTF_CHARSTAR
rp = vsprintf(str, fmt, ap);
va_end(ap);
return (strlen(rp));
#else
rval = vsprintf(str, fmt, ap);
va_end(ap);
return (rval);
#endif
--
mark
maf+@osu.edu
