Bugtraq mailing list archives
Re: WuFTPD: Providing *remote* root since at least1994
From: carson () TLA ORG (Carson Gaspar)
Date: Tue, 27 Jun 2000 17:31:29 -0400
"Mouse" == der Mouse <mouse () RODENTS MONTREAL QC CA> writes:
Not to mention that could still be overflowable. snprintf() doesn't null terminate.
Mouse> Then IMO it's broken - what's your reference for thinking it doesn't? Mouse> The only snprintf manpage I have at hand (NetBSD's) says The behaviour of snprintf() has _changed_. The evil forces of POSIX (as opposed to the benign forces of POSIX) changed the semantics without changing the function name. They never learn... So, if you use snprintf() in portable code, you must either: - Check to see if it null-terminates - Check to see what value it returns (number of bytes copied? number of bytes it _would_ have copied, if bufflen was infinite? -1 (what's errno)? 0?) - Write some wrapper function that handles all possible combinations of the above behaviours or: - Use your own portable snprintf() replacement Life just really sucks sometimes. -- Carson Gaspar -- carson () tla org Queen Trapped in a Butch Body
Current thread:
- ftpd: the advisory version, (continued)
- ftpd: the advisory version Lamagra Argamal (Jun 23)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- Re: ftpd: the advisory version Sebastian (Jun 26)
- [RHSA-2000:037-05] New Linux kernel fixes security bug bugzilla () REDHAT COM (Jun 26)
- LeafChat Denial of Service Andrew Lewis (Jun 25)
- Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility Peter Grundl (Jun 26)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- Re: WuFTPD: Providing *remote* root since at least1994 Peter Pentchev (Jun 23)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 25)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Eric Hines (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- ftpd: the advisory version Lamagra Argamal (Jun 23)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Valentin Nechayev (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
- Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
- SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
- Re: WuFTPD: Providing *remote* root since at least1994 Henrik Nordstrom (Jun 27)