Bugtraq mailing list archives
Re: better snprintf replacement, anyone?
From: manojk () IO COM (Manoj Kasichainula)
Date: Mon, 21 Jul 1997 23:44:03 -0500
--YxWXEtizwpuPcl6r Content-Type: text/plain; charset=us-ascii On Mon, Jul 21, 1997 at 08:05:34AM -0400, Steve "Stevers!" Coile wrote:
It's still not clear to me why people only suggest snprintf(). I would imagine that there are only a few cases were a program coulnd't pre-determine the length of a string that would be generated by sprintf() and malloc() enough memory to contain it all.
Well, you don't necessarily want to malloc all the space you might need. Otherwise, you might end up being vulnerable to DoS attacks through users filling up your memory, like the (disputed) qmail DoS attacks posted to this list. -- Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/ "I am J. D. Falk, Sysadmin. I own a web-server and a LART." -- Jeff Mercer --YxWXEtizwpuPcl6r Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBM9Q6kebiBQxKQSStAQFmFAf/bmshFld+6MdTawo488kQ80p1KTSaB+JQ hMSkwCPnsZfsCSO4Lap9CehL6EfhtTQ9r7e+oOpCvsYfeCI/47WirwMUtXLKvNOf n6xuvokD+RvqiTjNM99YsKkAutFacPH6c4iKCAqVm2c30OElyAanR2X7I6d50mOF +q8tjbV/IBewNZYSOT6sPWGd8oEpRT14AonRJUus6z+xwtynzF6EfUNbLXdJhC8F Jw9TijNPGhZvdZYe+h8rCoxNuBMH1ObIihEndu3rBtiZxb3DKz4mKQoAxqpxx6vQ Bek09LyGRWvjIFJZ6KEma2CLyrRHcvaIZ7vwQnKTTwhmeymyiyJCrg== =JSX2 -----END PGP SIGNATURE----- --YxWXEtizwpuPcl6r--
Current thread:
- better snprintf replacement, anyone? Theo de Raadt (Jul 19)
- Re: better snprintf replacement, anyone? Steve \ (Jul 21)
- Re: better snprintf replacement, anyone? Manoj Kasichainula (Jul 21)
- Re: better snprintf replacement, anyone? Theo de Raadt (Jul 21)
- Re: better snprintf replacement, anyone? Alan Cox (Jul 22)
- Re: better snprintf replacement, anyone? James Bonfield (Jul 22)
- ld.so vulnerability Aleph One (Jul 22)
- Security hole in exim 1.62: local root exploit Aleph One (Jul 22)
- Re: Security hole in exim 1.62: local root exploit Warner Losh (Jul 22)
- Named Config Files Gus Huber (Jul 22)
- Re: Named Config Files Aveek Datta (Jul 22)
- Re: better snprintf replacement, anyone? Steve \ (Jul 21)
- <Possible follow-ups>
- Re: better snprintf replacement, anyone? Bill Rugolsky Jr. (Jul 22)
- Re: better snprintf replacement, anyone? Casper Dik (Jul 23)