Bugtraq mailing list archives

Re: WuFTPD: Providing *remote* root since at least 1994


From: Casper.Dik () HOLLAND SUN COM (Casper Dik)
Date: Thu, 29 Jun 2000 09:42:28 +0200


"Mouse" == der Mouse <mouse () RODENTS MONTREAL QC CA> writes:

Not to mention that could still be overflowable.  snprintf() doesn't
null terminate.

Mouse> Then IMO it's broken - what's your reference for thinking it doesn't?
Mouse> The only snprintf manpage I have at hand (NetBSD's) says

The behaviour of snprintf() has _changed_. The evil forces of POSIX (as
opposed to the benign forces of POSIX) changed the semantics without
changing the function name. They never learn...

POSIX?  Perhaps you mean X/Open?  X/Open does guarantee NUL termination.
The return value is, however, not properly specified.

http://www.opengroup.org/onlinepubs/007908799/xsh/fprintf.html

lists undefined behaviour for n < 1 (return a value < 1) and also
appears to indicate it will return at most "n - 1".

I think a defect report was issued; X/Open is also likely to
follow C99.

So, if you use snprintf() in portable code, you must either:

- Check to see if it null-terminates

If it doesn't, it's broken.

- Check to see what value it returns (number of bytes copied? number of
bytes it _would_ have copied, if bufflen was infinite? -1 (what's errno)? 0?)

That is something that differs from implementation to implementation; I'm
told even the original one returned bytes copied rather than whatever
sprintf() would have returned.

Also, be aware that snprintf(NULL, 0, fmt, ...) and snprintf(buf, 0, fmt, ...)
are dangerous constructs to use (few implementations return the sprintf()
result in that case).

Since snprintf() shares the printf() formatting engine with the other
functions it can return -1 w/ errno = EILSEQ on UNIX98 compliant systems.
(And probably other errnos too)

However, EILSEQ will only happen for wide char conversions; static
inspection of the snprintf fmt string will tell you whether or not
you'll encounter them.

Casper
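The portability problems raised in this message (snprintf() implementations that do not NUL-terminate, return values that are "bytes copied", "bytes that would have been written" or -1, and the unreliable snprintf(NULL, 0, ...) idiom) are illustrated below with an added example. This code is not from the thread, from Casper Dik or from WU-FTPD; the function names fmt_fixed(), fmt_alloc() and the FMT_ALLOC_MAX cap are this example's own choices. fmt_fixed() writes into a fixed buffer and terminates it regardless of what the libc did; fmt_alloc() sizes a heap buffer by retrying instead of asking snprintf(NULL, 0, ...) for the length, and is written to terminate under any of the three return-value conventions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outcome of fmt_fixed(); these names are this example's own. */
enum fmt_status { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/*
 * Format into a caller-supplied buffer and always leave it NUL-terminated,
 * even on an snprintf() that does not terminate when it truncates.
 * Truncation detection uses the C99 return value (bytes that *would* have
 * been written).  On a libc that returns bytes copied, a buffer that came
 * back exactly full is reported as FMT_OK because that convention cannot
 * distinguish an exact fit from truncation; use fmt_alloc() when it matters.
 */
enum fmt_status fmt_fixed(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)   /* never hand snprintf() a zero-length target */
        return FMT_ERROR;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    buf[size - 1] = '\0';           /* defensive terminator, harmless on a C99 libc */

    if (n < 0)
        return FMT_ERROR;           /* EILSEQ etc., or a pre-C99 libc signalling overflow */
    if ((size_t)n >= size)
        return FMT_TRUNCATED;       /* C99: the output needed n + 1 bytes */
    return FMT_OK;
}

/*
 * Assumed upper bound on the heap buffer; it stops fmt_alloc() from growing
 * forever when a libc keeps returning -1 for a genuine formatting error.
 */
#define FMT_ALLOC_MAX (1u << 20)

/*
 * Format into a freshly malloc()ed buffer without calling snprintf(NULL, 0).
 * The result is only accepted when it fits with at least one byte of slack,
 * which is the one condition all three return conventions agree means
 * "complete".  Otherwise grow: to n + 2 when n looks like a would-have-
 * written count, or by doubling when n is -1 or the buffer came back full.
 * The caller frees the result.
 */
char *fmt_alloc(const char *fmt, ...)
{
    size_t size = 64;
    char *p = NULL;

    for (;;) {
        va_list ap;
        int n;
        char *q = realloc(p, size);
        if (q == NULL) { free(p); return NULL; }
        p = q;

        va_start(ap, fmt);
        n = vsnprintf(p, size, fmt, ap);
        va_end(ap);

        if (n >= 0 && (size_t)n < size - 1) {
            p[n] = '\0';                 /* fits with slack: complete under any convention */
            return p;
        }
        if (size >= FMT_ALLOC_MAX) { free(p); return NULL; }
        if (n >= 0 && (size_t)n >= size)
            size = (size_t)n + 2;        /* C99 told us the length; add slack for the next pass */
        else
            size *= 2;                   /* -1, or exactly full: grow blindly and retry */
    }
}

int main(void)
{
    char small[8];
    char *big;

    printf("fixed: status=%d buf=\"%s\"\n",
           fmt_fixed(small, sizeof small, "%s", "truncated-here"), small);

    big = fmt_alloc("%s/%s", "a path longer than the initial sixty-four byte guess",
                    "so fmt_alloc must grow at least once");
    if (big != NULL) {
        printf("alloc: %zu bytes: %s\n", strlen(big), big);
        free(big);
    }
    return 0;
}
```

The defensive `buf[size - 1] = '\0'` costs nothing on a conforming libc and is what protects a caller on the older ones the thread is about; the retry loop trades one extra vsnprintf() call for not depending on what a particular libc returns for size 0.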

