Vulnerability Development mailing list archives

Re: Secure coding in C (was Re: Administrivia #4883)

From: btellier () USA NET (Tellier, Brock)
Date: Thu, 20 Jan 2000 19:42:30 -0000


In message <<A HREF="mailto:Pine.LNX.4.03.10001161207550.7428-100000 () brian citynet 
net">Pine.LNX.4.03.10001161207550.7428-100000 () brian citynet net</A>> Brian Masney writes:
: On some UNIX systems, snprintf does not guarentee that it will nul
: terminate the string. I know on some older versions of libc5 (sorry,
: don't have an exact version), if the buffer you was writing to got to the
: max size you passed it, it would stop there without adding the nul. So,
: you'll run into problems later on if you pass it to a string
: function (like strcpy())

snprintf is *DEFINED* to NUL terminate the string.  Systems >that don't
do this are broken.  That's why it is used as widely as it >is.

From the Solaris 7 snprintf man page:


The snprintf() function is identical to sprintf()
with the addition  of the argument n, which specifies
the size of the buffer referred to by s. The buffer is terminated  with  the null byte only if space is available.
--------------------------------^^^^^^^^^^^^^^^^^^^^^^^^^^

Meaning that one shouldn't copy more than bufsize - 1 bytes or risk a bof later on.

Brock Tellier
UNIX Systems Administrator
Chicago, IL, USA
btellier () usa net

Current thread:

Re: Secure coding in C (was Re: Administrivia #4883), (continued)
- - - Re: Secure coding in C (was Re: Administrivia #4883) K Martin (Jan 17)
    - Re: Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 17)
    - Re: Secure coding in C (was Re: Administrivia #4883) Aviram Jenik (Jan 16)
    - Re: Secure coding in C (was Re: Administrivia #4883) Craig H. Rowland (Jan 17)
    - Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days Solar Eclipse (Jan 17)
    - Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days Blue Boar (Jan 17)
    - Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days kay (Jan 18)
    - Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21Days Blue Boar (Jan 18)
    - e-commerce site security (was: Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days) Jon Paul, Nollmann (Jan 18)
    - Re: Secure coding in C (was Re: Administrivia #4883) Warner Losh (Jan 17)
    - Re: Secure coding in C (was Re: Administrivia #4883) Tellier, Brock (Jan 20)
    - Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 20)
    - Re: Secure coding in C (was Re: Administrivia #4883) Seth R Arnold (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) Blue Boar (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) Mikael Olsson (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 21)
    - Re: Secure coding in C (was Re: Administrivia #4883) CyberPsychotic (Jan 22)
    - Re: Secure coding in C (was Re: Administrivia #4883) Marc Esipovich (Jan 21)
    - Generalized List of Threats and Vulnerabilities Dave Drake (Jan 21)
    - Re: Generalized List of Threats and Vulnerabilities Seth R Arnold (Jan 21)
    - Re: Generalized List of Threats and Vulnerabilities Crispin Cowan (Jan 23)

(Thread continues...)