Bugtraq mailing list archives

Re: WuFTPD: Providing remote root since at least1994

From: hno () HEM PASSAGEN SE (Henrik Nordstrom)
Date: Wed, 28 Jun 2000 08:51:58 +0200


der Mouse wrote:

And - IMO, of course - an snprintf that doesn't NUL-terminate is past
that point.


Unless it at the same time returns an error, which I presume most do
when they have to truncate the result. In case of error it can and
should be expected that the result is a bit undefined..

I have so far seen four alternatives:

a) Returns -1 and raw truncate without \0

b) Returns -1 and truncate with a \0

c) Returns the total needed amount of characters and truncate with a \0

d) snprintf not existing at all

So you should be safe if you properly handle the error status of
snprintf and act upon it either by growing the buffer as needed or
making sure that the result is \0 terminated, or if you include your own
version unless the target system is detected to be of type (b) or (c).

--
Henrik Nordstrom

Current thread:

LeafChat Denial of Service, (continued)
- - LeafChat Denial of Service Andrew Lewis (Jun 25)
  - Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility Peter Grundl (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Peter Pentchev (Jun 23)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 25)
  - Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
    - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
  - Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
    - Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
  - Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
    - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
    - Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
    - Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
    - Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
    - SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
  - Re: WuFTPD: Providing *remote* root since at least1994 Bernd Luevelsmeyer (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Lars Mathiesen (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Robert Bihlmeyer (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Ben Pfaff (Jun 29)

(Thread continues...)

Bugtraq mailing list archives

Re: WuFTPD: Providing *remote* root since at least1994

Current thread:

Re: WuFTPD: Providing remote root since at least1994