Bugtraq mailing list archives
Re: WuFTPD: Providing *remote* root since at least1994
From: syl () ECMWF INT (Lars Mathiesen)
Date: Wed, 28 Jun 2000 12:43:26 +0100
On Jun 26, 16:01, der Mouse wrote:
Well, IIRC snprintf() isn't specified by ANSI C at all, which would make this technically true but rather misleading. Of course, it's been a while since I made any effort to bring my knowledge of ANSI/ISO C up to current, so this could well have changed.
As of 2000-05-22, ANSI C is ANSI/ISO/IEC 9899-1999, i.e., C99. (See "ANSI Standards Action", Volume 31, #12, June 16, 2000, page 13, <URL:http://web.ansi.org/rooms/room_14/Public/pdfs/SAV3112.pdf>) C99 does specify snprintf (in 7.19.6.5), and requires it to terminate the string with a null character. (Unless that was changed since the committee draft of 1998-08-03 (WG14/N843) which is what I have here).
Regardless of what ANSI may say, though, I still consider it a
serious
bug for snprintf() to fail to NUL-terminate, except when the size parameter is zero.
No argument there. -- Lars.Mathiesen () ecmwf int ECMWF, Shinfield Park, Reading, Berks. RG2 9AX England
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
- Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
- SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Bernd Luevelsmeyer (Jun 28)
- Update to Integrity Protection Driver Available IPD (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
- Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
- Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)
- Re: Buggy ARP handling in Windoze Steven Alexander (Jun 29)
- vpopmail-3.4.11 problems H D Moore (Jun 29)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump Conectiva Security (Jun 30)