Re: WuFTPD: Providing *remote* root since at least1994

[kragen () POBOX COM (Kragen Sitaker)]

[Elias, if you approve my previous post, I'd be most obliged if you'd
post this correction with it.]

On Fri, 30 Jun 2000, Kragen wrote:
> ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/.  Theo de Raadt
> posted a portable, audited, well-tested implementation of snprintf to
> BUGTRAQ in 1997; unfortunately, his link to
> http://theos.org/~deraadt/snprintf.c is now broken.

Sorry, that's http://theos.com/~deraadt/snprintf.c, and it's still
broken.:)

However, http://theos.com/deraadt/snprintf.c works.

It's also not particularly portable, relying on mprotect(),
sigaction(), and sigsetjmp(), so it will only run on Unixes, and only
mostly POSIX-compliant ones, at that --- no ancient BSD without
sigaction and no ancient SysV without mprotect().  Also, it could
conceivably break if you handle SIGSEGV yourself (for e.g.  user-level
virtual memory).  And it appears to have a bug: if you try to write
into a buffer of zero bytes, it nevertheless null-terminates the
result.

So maybe there's still an excuse for not using snprintf(). :)

--
<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either.  :)