Full Disclosure mailing list archives

Re: [FD] Evidence of a ISC being hacked?


From: Thomas Binder <full-disclosure () arago de>
Date: Fri, 25 Jun 2004 00:33:25 +0200

Hi!

On Thu, Jun 24, 2004 at 03:38:27PM -0400, Valdis.Kletnieks () vt edu wrote:
> 1) The wrapper/define/handwaving discards it and prays.
>
> 2) The replacement function does a proper job of doing a full enough
> emulation of vsnprintf to keep track of "length so far" and stop
> when it gets full (not as easy as you might think - for fun, compute
> how many bytes this takes:

3) Only useable on systems with /dev/null: fopen() /dev/null,
   vfprintf() to that handle and take the return value - it
   contains the number of characters written (or -1 on error).
   Then malloc() a temporary buffer to hold the complete output,
   vsprintf() to it and strncpy() to the destination array.

Of course, this might not be a suitable solution in a performance
sensitive application, but it's only a workaround for a missing
function anyway.


Ciao

Thomas
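
Approach 3 above, written out as an added example (not code from the original post). The names devnull_vsnprintf and devnull_snprintf are hypothetical, and va_copy() is assumed to be available so the argument list can be walked twice.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a missing vsnprintf(). Returns the length the
 * complete output would have had, or -1 on error. */
int devnull_vsnprintf(char *dst, size_t size, const char *fmt, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);                       /* second copy for pass 2 */

    /* Pass 1: format into /dev/null only to learn the output length. */
    FILE *sink = fopen("/dev/null", "w");
    if (sink == NULL) { va_end(ap2); return -1; }
    int needed = vfprintf(sink, fmt, ap);
    fclose(sink);
    if (needed < 0) { va_end(ap2); return -1; }

    /* Pass 2: vsprintf() into a temporary buffer of exactly that size. */
    char *tmp = malloc((size_t)needed + 1);
    if (tmp == NULL) { va_end(ap2); return -1; }
    vsprintf(tmp, fmt, ap2);
    va_end(ap2);

    if (size > 0) {
        /* strncpy() leaves no terminator on truncation, so add one. */
        strncpy(dst, tmp, size - 1);
        dst[size - 1] = '\0';
    }
    free(tmp);
    return needed;
}

/* Variadic convenience wrapper around the function above. */
int devnull_snprintf(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = devnull_vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char buf[8];                            /* constructed sample input */
    int n = devnull_snprintf(buf, sizeof buf, "%s-%d", "overflow", 42);
    printf("needed=%d stored=\"%s\"\n", n, buf);
    return 0;
}
```

Both passes must format identical data: if another thread changes a `%s` argument between them, the vsprintf() into the exactly sized temporary buffer can still overflow.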
