Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: better snprintf replacement, anyone?
From: manojk () IO COM (Manoj Kasichainula)
Date: Mon, 21 Jul 1997 23:44:03 -0500


--YxWXEtizwpuPcl6r
Content-Type: text/plain; charset=us-ascii

On Mon, Jul 21, 1997 at 08:05:34AM -0400, Steve "Stevers!" Coile wrote:
It's still not clear to me why people only suggest snprintf().
I would imagine that there are only a few cases were a program coulnd't
pre-determine the length of a string that would be generated by sprintf()
and malloc() enough memory to contain it all.

Well, you don't necessarily want to malloc all the space you might
need. Otherwise, you might end up being vulnerable to DoS attacks
through users filling up your memory, like the (disputed) qmail DoS
attacks posted to this list.

--
Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/
"I am J. D. Falk, Sysadmin. I own a web-server and a LART." -- Jeff Mercer

--YxWXEtizwpuPcl6r
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBM9Q6kebiBQxKQSStAQFmFAf/bmshFld+6MdTawo488kQ80p1KTSaB+JQ
hMSkwCPnsZfsCSO4Lap9CehL6EfhtTQ9r7e+oOpCvsYfeCI/47WirwMUtXLKvNOf
n6xuvokD+RvqiTjNM99YsKkAutFacPH6c4iKCAqVm2c30OElyAanR2X7I6d50mOF
+q8tjbV/IBewNZYSOT6sPWGd8oEpRT14AonRJUus6z+xwtynzF6EfUNbLXdJhC8F
Jw9TijNPGhZvdZYe+h8rCoxNuBMH1ObIihEndu3rBtiZxb3DKz4mKQoAxqpxx6vQ
Bek09LyGRWvjIFJZ6KEma2CLyrRHcvaIZ7vwQnKTTwhmeymyiyJCrg==
=JSX2
-----END PGP SIGNATURE-----

--YxWXEtizwpuPcl6r--



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]