Re: CVS commit: syssrc

To: Allen Briggs <briggs%ninthwonder.com@localhost>
Subject: Re: CVS commit: syssrc
From: Matthew Jacob <mjacob%feral.com@localhost>
Date: Sun, 5 Dec 1999 09:54:55 -0800 (PST)

I'd also like to point out that the code in question is edge case debug
output code which can be removed as well. The most well-written software
disappears.

On Sun, 5 Dec 1999, Allen Briggs wrote:

> > > Make sure we have a big enough buffer to sprintf into (noticed by
> > > deraadt%openbsd.org@localhost).
> > Why not use snprintf instead?
> 
> In many cases, just substituting snprintf() for sprintf() will fix
> an overflow, but leave the code just as broken (but not exploitably
> so, perhaps).  Of course, I'd rather have the overflows fixed than
> not, but I'd much rather have code that was designed to prevent or
> at least handle the overflows in the first place.
> 
> Well-written software should rarely need snprintf() to protect itself.
> 
> -allen
>

References:
- Re: CVS commit: syssrc
  - From: Allen Briggs

Prev by Date: CVS commit: syssrc
Next by Date: CVS commit: basesrc
Previous by Thread: Re: CVS commit: syssrc
Next by Thread: CVS commit: basesrc
Indexes:

Home | Main Index | Thread Index | Old Index