Vulnerability Development mailing list archives

Re: Secure coding in C (was Re: Administrivia #4883)

From: imp () VILLAGE ORG (Warner Losh)
Date: Mon, 17 Jan 2000 12:08:56 -0700


In message <Pine.LNX.4.03.10001161207550.7428-100000 () brian citynet net> Brian Masney writes:
: On some UNIX systems, snprintf does not guarentee that it will nul
: terminate the string. I know on some older versions of libc5 (sorry,
: don't have an exact version), if the buffer you was writing to got to the
: max size you passed it, it would stop there without adding the nul. So,
: you'll run into problems later on if you pass it to a string
: function (like strcpy())

snprintf is *DEFINED* to NUL terminate the string.  Systems that don't
do this are broken.  That's why it is used as widely as it is.

Warner

Current thread:

Re: Secure coding in C (was Re: Administrivia #4883), (continued)
- - - Re: Secure coding in C (was Re: Administrivia #4883) Paul Cardon (Jan 16)
    - Re: Secure coding in C (was Re: Administrivia #4883) K Martin (Jan 17)
    - Re: Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 17)
    - Re: Secure coding in C (was Re: Administrivia #4883) Aviram Jenik (Jan 16)
    - Re: Secure coding in C (was Re: Administrivia #4883) Craig H. Rowland (Jan 17)
    - Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days Solar Eclipse (Jan 17)
    - Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days Blue Boar (Jan 17)
    - Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days kay (Jan 18)
    - Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21Days Blue Boar (Jan 18)
    - e-commerce site security (was: Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days) Jon Paul, Nollmann (Jan 18)
    - Re: Secure coding in C (was Re: Administrivia #4883) Warner Losh (Jan 17)
    - Re: Secure coding in C (was Re: Administrivia #4883) Tellier, Brock (Jan 20)
    - Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 20)
    - Re: Secure coding in C (was Re: Administrivia #4883) Seth R Arnold (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) Blue Boar (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) Mikael Olsson (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) CyberPsychotic (Jan 22)
    - Re: Secure coding in C (was Re: Administrivia #4883) Marc Esipovich (Jan 21)
    - Generalized List of Threats and Vulnerabilities Dave Drake (Jan 21)
    - Re: Generalized List of Threats and Vulnerabilities Seth R Arnold (Jan 21)

(Thread continues...)