Bugtraq mailing list archives
Re: better snprintf replacement, anyone?
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Tue, 22 Jul 1997 09:36:35 +0100
> you have a large enough buffer, you eliminate the buffer overflow problem, and you don't truncate the string. Is malloc()-ing the memory *that* inefficient? Less efficient than the scanning and parsing snprintf() must do to the format string?
In the case of a dynamic loader you don't have a libc backing you, that's why someone took the (very wrong) shortcut they did originally when doing ld.so.

You are right about malloc for many cases, but it's also true that you normally know the length of a buffer anyway.
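The two approaches weighed in this message, as an added example that is not part of the original post: a fixed buffer whose truncation is detected, and a heap buffer sized to fit. It assumes C99 `vsnprintf()` return semantics (the length that would have been written), which were standardized after this thread, and a hosted libc, so it does not cover the ld.so case; `format_fixed` and `format_alloc` are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Known-length buffer: 0 on success, -1 if the output did not fit
 * (buf still holds a NUL-terminated prefix when size > 0). */
int format_fixed(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Heap buffer: measure, allocate exactly, then format.
 * Returns NULL on failure; the caller frees the result. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    char *out = NULL;
    int n;

    va_start(ap, fmt);
    va_copy(ap2, ap);                 /* the list is consumed by each pass */
    n = vsnprintf(NULL, 0, fmt, ap);  /* C99: returns the length needed */
    va_end(ap);
    if (n >= 0 && (out = malloc((size_t)n + 1)) != NULL &&
        vsnprintf(out, (size_t)n + 1, fmt, ap2) != n) {
        free(out);                    /* second pass disagreed: fail closed */
        out = NULL;
    }
    va_end(ap2);
    return out;
}

int main(void)
{
    char buf[8];
    char *p = format_alloc("%s-%d", "much too long", 42);  /* constructed input */

    if (format_fixed(buf, sizeof buf, "%s", "much too long") != 0)
        printf("fixed buffer truncated to \"%s\"\n", buf);
    printf("heap buffer holds \"%s\"\n", p ? p : "(allocation failed)");
    free(p);
    return 0;
}
```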