Full Disclosure mailing list archives

Re: Evidence of a ISC being hacked?

From: Pavel Kankovsky <peak () argo troja mff cuni cz>
Date: Thu, 24 Jun 2004 23:39:56 +0200 (MET DST)

On Thu, 24 Jun 2004 Valdis.Kletnieks () vt edu wrote:

It's easier to just #define the critter than to re-re-invent the C code
for vsnprintf() (which isn't always trivial, as your vsnprintf() has to play
nice with the vendor's stdio - this can be .. umm... "interesting" if the
innards of the vendor stdio are more bizzare than usual...


vsnprintf() does not have to "play nice" with stdio. It does not have to
play with stdio at all. You don't need to mess with stdio in order to
stuff some characters into an array.

Go ahead - go and re-write a vsnprintf, and compare that to the time it
takes to do the #define


It is rather easy as long as everything you need are common string and
integer directives. Indeed, floats are tricky. Exotic C99 is even more
tricky. But I think the set of printf features required by dhcpd and
similar programs is (or should be) pretty small.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: New malware to infect IIS and from there jump to clients, (continued)
- - - Re: New malware to infect IIS and from there jump to clients Nick FitzGerald (Jun 24)
    - SV: New malware to infect IIS and from there jump to clients Peter Kruse (Jun 24)
    - Re: SV: New malware to infect IIS and from there jump to clients Duncan Hill (Jun 25)
    - Re: SV: New malware to infect IIS and from there jump to clients Nasir Ghaznavi (Jun 25)
    - Re: New malware to infect IIS and from there jump to clients Gary Flynn (Jun 25)
    - RE: New malware to infect IIS and from there jump to clients joe (Jun 25)
    - Re: New malware to infect IIS and from there jump to clients insecure (Jun 25)
    - Re: New malware to infect IIS and from there jump to clients Matt Power (Jun 27)
    - Re: Evidence of a ISC being hacked? VX Dude (Jun 24)
    - Re: Evidence of a ISC being hacked? Valdis . Kletnieks (Jun 25)
  - Re: Evidence of a ISC being hacked? Pavel Kankovsky (Jun 24)
    - IE exploit runs code from graphics? Larry Seltzer (Jun 24)
    - RE: IE exploit runs code from graphics? Heather M. Guse Bryan (Jun 24)
    - Re: IE exploit runs code from graphics? Nick FitzGerald (Jun 24)
    - RE: IE exploit runs code from graphics? Larry Seltzer (Jun 24)
    - Re: IE exploit runs code from graphics? Aditya, ALD [ Aditya Lalit Deshmukh ] (Jun 26)
    - Re: IE exploit runs code from graphics? Jimmy Mitchener (Jun 26)
    - Re: IE exploit runs code from graphics? st3ng4h (Jun 26)
    - Re: IE exploit runs code from graphics? Valdis . Kletnieks (Jun 28)
    - Re: IE exploit runs code from graphics? Steve Kudlak (Jun 27)
    - Re: IE exploit runs code from graphics? Pavel Kankovsky (Jun 27)