Bugtraq mailing list archives
Re: WuFTPD: Providing *remote* root since at least1994
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Mon, 26 Jun 2000 21:51:28 +0200
der Mouse wrote:
Not to mention that could still be overflowable. snprintf() doesn't null terminate.Then IMO it's broken - what's your reference for thinking it doesn't? The only snprintf manpage I have at hand (NetBSD's) says
There was quite a bit of discussion about the behavior of snprintf() a while ago; can't quite remember on which list it was though. The consensus was that "(default libs of) different OSes behave completely differently", so if you want to be cross-platform (or cross-major-version), you can't assume that snprintf() terminates. You need to do a mystring[sizeof(mystring)-1]='\0' after the call to be on the safe side. And, no, this wasn't just "lame OS" standard behaviour; it differs between different unix dialects. I also _think_ I remember posts saying that ANSI C doesn't require snprintf() to null terminate. (Don't quote me on that though) $.02 /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05 Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50 WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- Re: WuFTPD: Providing *remote* root since at least1994 Bernhard Rosenkraenzer (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Gregory A Lundberg (Jun 27)
- ftpd: the advisory version Lamagra Argamal (Jun 23)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- Re: ftpd: the advisory version Sebastian (Jun 26)
- [RHSA-2000:037-05] New Linux kernel fixes security bug bugzilla () REDHAT COM (Jun 26)
- LeafChat Denial of Service Andrew Lewis (Jun 25)
- Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility Peter Grundl (Jun 26)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- Re: WuFTPD: Providing *remote* root since at least1994 Peter Pentchev (Jun 23)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 25)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)