Bugtraq mailing list archives

Re: WuFTPD: Providing remote root since at least1994

From: syl () ECMWF INT (Lars Mathiesen)
Date: Wed, 28 Jun 2000 12:43:26 +0100


On Jun 26, 16:01, der Mouse wrote:

Well, IIRC snprintf() isn't specified by ANSI C at all, which would
make this technically true but rather misleading.

Of course, it's been a while since I made any effort to bring my
knowledge of ANSI/ISO C up to current, so this could well have
changed.


As of 2000-05-22, ANSI C is ANSI/ISO/IEC 9899-1999, i.e., C99.

(See "ANSI Standards Action", Volume 31, #12, June 16, 2000, page 13,
<URL:http://web.ansi.org/rooms/room_14/Public/pdfs/SAV3112.pdf>)

C99 does specify snprintf (in 7.19.6.5), and requires it to terminate
the string with a null character. (Unless that was changed since the
 committee draft of 1998-08-03 (WG14/N843) which is what I have here).

Regardless of what ANSI may say, though, I still consider it a

serious

bug for snprintf() to fail to NUL-terminate, except when the size
parameter is zero.


No argument there.

--
Lars.Mathiesen () ecmwf int
ECMWF, Shinfield Park,
Reading, Berks.
RG2 9AX  England

Current thread:

Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- - - Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
  - Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
    - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
    - Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
    - Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
    - SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
  - Re: WuFTPD: Providing *remote* root since at least1994 Bernd Luevelsmeyer (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Lars Mathiesen (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Robert Bihlmeyer (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Ben Pfaff (Jun 29)
  - Update to Integrity Protection Driver Available IPD (Jun 29)
  - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
  - Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
    - Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)
    - Re: Buggy ARP handling in Windoze Steven Alexander (Jun 29)
    - vpopmail-3.4.11 problems H D Moore (Jun 29)
    - CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump Conectiva Security (Jun 30)

Bugtraq mailing list archives

Re: WuFTPD: Providing *remote* root since at least1994

Current thread:

Re: WuFTPD: Providing remote root since at least1994