Vulnerability Development mailing list archives

Re: Secure coding in C (was Re: Administrivia #4883)


From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Fri, 21 Jan 2000 00:20:04 -0800


On Thu, Jan 20, 2000 at 11:57:38PM -0800, Marco Walther wrote:
And the same paragraph from the Solaris 8 snprintf man page:

"     The snprintf() function is identical to sprintf()  with  the
     addition  of the argument n, which specifies the size of the
     buffer referred to by s. The  buffer  is  always  terminated
     with the null byte."

I've tried a small test case on Solaris 7 and it looks like the man is
not correct there?!

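#include <stdio.h>

int main(void)
{
  char b[10];

  /* The string is longer than b, so snprintf() has to truncate it. */
  snprintf(b, 10, "I'm a really long test string!\n");

  /* Print the last byte of the buffer; 0 means it holds the null byte. */
  printf("b[9]= %d\n", (int)b[9]);
  return 0;
}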

returns `b[9]= 0'

Marco, might I be so bold as to ask what you expected to happen? AFAICT, that
is correct behavior..

But, my C coding experience is .. limited. :)

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!
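
The test case quoted in the message above, extended as an added example that is not part of the original thread: the buffer is pre-filled with a non-zero byte, so a 0 inside the first n bytes can only have been written by snprintf(), and the return value is used to detect truncation. It assumes a C99-conforming snprintf(); probe_snprintf(), struct probe_result and CANARY are names made up for this illustration.

```c
/* Added example, not code from the thread. Assumes a C99 snprintf();
 * probe_snprintf() and struct probe_result are hypothetical names. */
#include <stdio.h>
#include <string.h>

#define CANARY 0x5A   /* non-zero fill: a leftover 0 byte cannot pass by luck */

struct probe_result {
    int ret;          /* value returned by snprintf() */
    int terminated;   /* 1 if a null byte lies inside the first n bytes */
    int overflowed;   /* 1 if any byte at index >= n was modified */
    int truncated;    /* 1 if the full output did not fit in n bytes */
    size_t stored;    /* characters actually kept in the buffer */
};

/* Format text into the first n bytes of a canary-filled 64-byte buffer. */
struct probe_result probe_snprintf(size_t n, const char *text)
{
    unsigned char buf[64];
    struct probe_result r = { -1, 0, 0, 1, 0 };
    unsigned char *nul;
    size_t i;

    if (n == 0 || n > sizeof buf)
        return r;                       /* outside what this probe covers */

    memset(buf, CANARY, sizeof buf);
    r.ret = snprintf((char *)buf, n, "%s", text);

    nul = memchr(buf, '\0', n);
    r.terminated = (nul != NULL);
    r.stored = nul ? (size_t)(nul - buf) : n;
    for (i = n; i < sizeof buf; i++)
        if (buf[i] != CANARY)
            r.overflowed = 1;
    /* C99: ret is the length the full output needs, excluding the null. */
    r.truncated = (r.ret < 0 || (size_t)r.ret >= n);
    return r;
}

int main(void)
{
    /* Same call as the test case in the thread: 31 characters into 10 bytes. */
    struct probe_result r = probe_snprintf(10, "I'm a really long test string!\n");
    printf("ret=%d terminated=%d overflowed=%d truncated=%d stored=%lu\n",
           r.ret, r.terminated, r.overflowed, r.truncated,
           (unsigned long)r.stored);
    return r.terminated && !r.overflowed ? 0 : 1;
}
```

A non-zero exit status means the local snprintf() either left the first n bytes unterminated or wrote past them.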


