Bugtraq mailing list archives
Re: ProFTPD 1.2.0pre4 available
From: pfaffben () MSU EDU (Ben Pfaff)
Date: Fri, 3 Sep 1999 20:28:05 -0400
Werner Koch <wk () ISIL D SHUTTLE DE> writes: Malicious User <mark () NIJNTJE NET> writes: > knock it around. I suspect this version will still fail on FreeBSD > (anyone care to offer up an account for me on a FreeBSD system to test Instead of using snprintf() you can you sprintf() and change the "%s" formats to (e.g.) "$%.30s" - somewhat more work but much more portable. Note that snprintf() is in the C9x draft standard, so it will soon be much more common that it is today. As a result, it may not be worth it to try to be more portable through such devices. In addition, it is worth noting that snprintf() as specified by the C9x draft has return value semantics different from those commonly found. As a result, calls to snprintf() where the return value is checked should be scrutinized, since this change could presumably pose a security risk. To cite one place where this changes, glibc 2.1 uses the C9x return value semantics, whereas glibc 2.0 uses the older semantics. -- "You know, they probably have special dorms for people like us." --American Pie
Current thread:
- ProFTPD 1.2.0pre4 available Malicious User (Aug 30)
- Re: ProFTPD 1.2.0pre4 available Werner Koch (Sep 01)
- <Possible follow-ups>
- Re: ProFTPD 1.2.0pre4 available Ben Pfaff (Sep 03)
- Re: ProFTPD 1.2.0pre4 available Theo de Raadt (Sep 08)
- Re: ProFTPD 1.2.0pre4 available Casper Dik (Sep 12)
- CISCO and nestea. Vit Andrusevich (Sep 09)
- Re: CISCO and nestea. Basil V. Dolmatov (Sep 11)
- Re: CISCO and nestea. Jim Duncan (Sep 11)
- Re: ProFTPD 1.2.0pre4 available Theo de Raadt (Sep 08)