From owner-freebsd-current Wed Nov 24 7:20:35 1999 Delivered-To: freebsd-current@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 99CA3152E9; Wed, 24 Nov 1999 07:20:19 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA29757; Wed, 24 Nov 1999 10:19:49 -0500 (EST) (envelope-from wollman) Date: Wed, 24 Nov 1999 10:19:49 -0500 (EST) From: Garrett Wollman Message-Id: <199911241519.KAA29757@khavrinen.lcs.mit.edu> To: Brian Fundakowski Feldman Cc: peter.jeremy@alcatel.com.au, Kris Kennaway , current@FreeBSD.ORG Subject: Re: FreeBSD security auditing project. In-Reply-To: References: <99Nov24.075703est.40331@border.alcanet.com.au> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG < said: > #define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0 > char action2[32], proto[47], name[18], fragment[17]; > /* Print command name */ > snprintf(SNPARGS(name, 0), "ipfw: %d", f ? f->fw_number : -1); > Despite the fact that the buffer name[] was made to be exactly the > largest size Exactly the largest size of what? All I see here is a magic number. Perhaps if name[] had been declared thus: #define INTTYPE_NCHARS(t) ((sizeof(t) * 3 * CHAR_BIT + 7) / 8) char name[(sizeof "ipfw: ") + INTTYPE_NCHARS(int)]; ...but even then, if KNF is followed, this declaration might be so far away from the printf format that when the format is modified, the programmer might forget to modify the declaration as well. snprintf is a good thing. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message