Date: Wed, 24 Nov 1999 00:45:33 -0700
From: Warner Losh <imp@village.org>
To: Brian Fundakowski Feldman <green@FreeBSD.ORG>
Cc: peter.jeremy@alcatel.com.au, Kris Kennaway <kris@hub.freebsd.org>, current@FreeBSD.ORG
Subject: Re: FreeBSD security auditing project.
Message-ID: <199911240745.AAA18867@harmony.village.org>
In-Reply-To: Your message of "Tue, 23 Nov 1999 23:33:14 EST." <Pine.BSF.4.10.9911232317170.40485-100000@green.dyndns.org>
References: <Pine.BSF.4.10.9911232317170.40485-100000@green.dyndns.org>
In message <Pine.BSF.4.10.9911232317170.40485-100000@green.dyndns.org> Brian Fundakowski Feldman writes:
: Despite the fact that the buffer name[] was made to be exactly the
: largest size, where sprintf() _would_be_safe_, some people insist
: on using snprintf() "for stability". Don't get caught doing this.
: If you find a strcat() (for example), see if it's safe. If it is,
: then why replace it?

No. You missed the point. It is called fail-safe programming. Even though today's use of sprintf is safe, changes to the program can make it unsafe in the future. snprintf remains safe through most, if not all, of those changes.

The changes that make sprintf unsafe can be more subtle than the skills of the committer making the change, as the project frequently has novice people making changes. These should be caught, but aren't always. snprintf increases the likelihood that these people will be able to make safe changes to the code.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
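The fail-safe argument above, as an added example that is not code from the thread or from FreeBSD: `name[]` is sized exactly for the original format, a later commit changes the prefix without touching the size, and only the `snprintf()` version (with its return value checked) stays bounded. The prefix strings, `NAME_LEN`, `bytes_needed` and `make_name` are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizing assumption: name[] holds the original prefix "if",
 * an id of at most 4 digits, and the terminating NUL ("if" + 4 + NUL = 7). */
#define ORIG_PREFIX "if"
#define NAME_LEN    (sizeof(ORIG_PREFIX) + 4)

/* How many bytes (excluding the NUL) a plain sprintf() would write for this
 * prefix/id pair, measured safely with snprintf(NULL, 0, ...). A result of
 * NAME_LEN or more means sprintf() into name[] would overrun the buffer. */
int bytes_needed(const char *prefix, unsigned id)
{
    return snprintf(NULL, 0, "%s%u", prefix, id);
}

/* Fail-safe version: snprintf() bounds the write no matter how prefix or id
 * evolve. Returns 0 on success and -1 when the output had to be truncated,
 * so a change that breaks the sizing assumption is reported, not silently
 * turned into memory corruption. */
int make_name(char *buf, size_t buflen, const char *prefix, unsigned id)
{
    int n = snprintf(buf, buflen, "%s%u", prefix, id);
    if (n < 0 || (size_t)n >= buflen)
        return -1;   /* truncated: the buffer assumption no longer holds */
    return 0;
}

int main(void)
{
    char name[NAME_LEN];

    /* Today: the assumption holds, so sprintf() and snprintf() both fit. */
    printf("needed=%d buf=%zu rc=%d\n", bytes_needed(ORIG_PREFIX, 9999),
           sizeof name, make_name(name, sizeof name, ORIG_PREFIX, 9999));

    /* A later commit renames the prefix but leaves NAME_LEN alone:
     * sprintf() would now write 9 bytes plus NUL into a 7-byte buffer. */
    printf("needed=%d buf=%zu rc=%d name=\"%s\"\n", bytes_needed("iface", 9999),
           sizeof name, make_name(name, sizeof name, "iface", 9999), name);
    return 0;
}
```

The second `make_name` call returns -1 and leaves a NUL-terminated, truncated `"iface9"`, which is the condition a review or a runtime check can catch.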