Bugtraq mailing list archives

Re: WuFTPD: Providing remote root since at least1994

From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Mon, 26 Jun 2000 16:01:43 -0400

snprintf() doesn't null terminate.

Then IMO it's broken [...]

There was quite a bit of discussion about [this] [...]
You need to do a mystring[sizeof(mystring)-1]='\0' after the call to
be on the safe side.


As I remarked to someone else privately (that message wasn't sent to
bugtraq), there comes a point where you have to say "your system's
version of foo() is so broken I'm not going to try to work around its
bugs".

And - IMO, of course - an snprintf that doesn't NUL-terminate is past
that point.

I also _think_ I remember posts saying that ANSI C doesn't require
snprintf() to null terminate.  (Don't quote me on that though)


Well, IIRC snprintf() isn't specified by ANSI C at all, which would
make this technically true but rather misleading.

Of course, it's been a while since I made any effort to bring my
knowledge of ANSI/ISO C up to current, so this could well have changed.

Regardless of what ANSI may say, though, I still consider it a serious
bug for snprintf() to fail to NUL-terminate, except when the size
parameter is zero.

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

[RHSA-2000:037-05] New Linux kernel fixes security bug, (continued)
- - - [RHSA-2000:037-05] New Linux kernel fixes security bug bugzilla () REDHAT COM (Jun 26)
  - LeafChat Denial of Service Andrew Lewis (Jun 25)
  - Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility Peter Grundl (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Peter Pentchev (Jun 23)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 25)
  - Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
    - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
  - Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
    - Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
  - Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
    - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
    - Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
    - Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
    - SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
  - Re: WuFTPD: Providing *remote* root since at least1994 Bernd Luevelsmeyer (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Lars Mathiesen (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Robert Bihlmeyer (Jun 29)

(Thread continues...)

Bugtraq mailing list archives

Re: WuFTPD: Providing *remote* root since at least1994

Current thread:

Re: WuFTPD: Providing remote root since at least1994