Bugtraq mailing list archives
Re: patch for qpopper remote exploit bug
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Sun, 28 Jun 1998 21:02:18 +0100
Steven Winikoff wrote:
This version follows the semantics for vsnprintf() as found in NetBSD/386 1.2: 8<---------------------------- cut here -------------------------->8 #include <stdarg.h> #include <stdio.h> #include <string.h> /* * vsnprintf() -- hacked interface, because DEC OSF/1 doesn't * have the real thing... * * Steven Winikoff * 1998/06/27 * * This code is rather feeble-minded; all it does is truncate the * given string temporarily, call vsprintf() to "print" it, and * then restore the original string. * * We return whatever we got from vsprintf(). */ int vsnprintf(char *str, size_t n, const char *fmt, va_list ap) { int result; char c; /** do we even need to bother? **/ if (strlen(str) < n) return(vsprintf(str, fmt, ap)); /** okay, truncate, call vsprintf(), and restore: **/ c = str[n-1]; str[n-1] = '\0'; /* take that! :-) */ result = vsprintf(str, fmt, ap); /* do the write thing :-) */ str[n-1] = c; /* all better now :-) */ return(result); } 8<---------------------------- cut here -------------------------->8 I don't know if this is helpful at all, but I figured I should pass it on anyway just in case.
WTF? This doesn't even remotely do what vsnprintf() does! BTW, Apache has an implementation of vsnprintf() that we use coz not all platforms supply it. So long as appropriate credits are given and due regard is paid to licensing and licence compatibility, I see no reason why people shouldn't use it. Cheers, Ben. -- Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/ and Technical Director|Email: ben () algroup co uk | A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/ London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/ WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/
Current thread:
- Re: patch for qpopper remote exploit bug Steven Winikoff (Jun 28)
- <Possible follow-ups>
- Re: patch for qpopper remote exploit bug Ben Laurie (Jun 28)
- Re: patch for qpopper remote exploit bug Johan Danielsson (Jun 28)
- Re: patch for qpopper remote exploit bug Steven Winikoff (Jun 29)
- Re: patch for qpopper remote exploit bug Kev (Jun 29)
- Re: patch for qpopper remote exploit bug David DeSimone (Jun 30)
- SECURITY: too many new packages twiztah (Jun 30)
- Environment variables (SECURITY: too many new packages) Alan Cox (Jun 29)
- Qualcomm's qpopper 2.5 Aleph One (Jun 30)