Bugtraq mailing list archives

libdb snprintf under Digital Unix

From: krinsky () HCS HARVARD EDU (David Krinsky)
Date: Thu, 10 Jul 1997 14:34:50 -0400


Digital Unix 4.0x's libdb also appears to contain a useless wrapper for
sprintf going by the name of snprintf.  A quick test shows that it drops
the length field completely and just does a regular sprintf.

As there is no snprintf in libc as yet, there has been some talk on
alpha-osf-managers () ornl gov, if not here, about linking in this snprintf to
fix potential buffer overruns.

This would appear to be a futile endeavor.

Dave.

Current thread:

[linux-security] Re: Re: so-called snprintf() in db-1.85.4 Aleph One (Jul 10)
- Re: [linux-security] Re: Re: so-called snprintf() in db-1.85.4 Willy TARREAU (Jul 10)
- libdb snprintf under Digital Unix David Krinsky (Jul 10)
- GETADMIN 2 - THE SEQUEL Mark Joseph Edwards (Jul 10)