Home page logo

bugtraq logo Bugtraq mailing list archives

Re: patch for qpopper remote exploit bug
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Sun, 28 Jun 1998 21:02:18 +0100

Steven Winikoff wrote:
This version follows the semantics for vsnprintf() as found in
NetBSD/386 1.2:

8<----------------------------   cut here   -------------------------->8
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

 *   vsnprintf() -- hacked interface, because DEC OSF/1 doesn't
 *                  have the real thing...
 *   Steven Winikoff
 *   1998/06/27
 *   This code is rather feeble-minded; all it does is truncate the
 *   given string temporarily, call vsprintf() to "print" it, and
 *   then restore the original string.
 *   We return whatever we got from vsprintf().

int vsnprintf(char *str, size_t n, const char *fmt, va_list ap)
   int  result;
   char c;

   /**  do we even need to bother?  **/

   if (strlen(str) < n) return(vsprintf(str, fmt, ap));

   /**  okay, truncate, call vsprintf(), and restore:  **/

   c        = str[n-1];
   str[n-1] = '\0';                   /* take that! :-)         */
   result   = vsprintf(str, fmt, ap); /* do the write thing :-) */
   str[n-1] = c;                      /* all better now :-)     */

8<----------------------------   cut here   -------------------------->8

I don't know if this is helpful at all, but I figured I should pass it
on anyway just in case.

WTF? This doesn't even remotely do what vsnprintf() does!

BTW, Apache has an implementation of vsnprintf() that we use coz not all
platforms supply it. So long as appropriate credits are given and due
regard is paid to licensing and licence compatibility, I see no reason
why people shouldn't use it.



Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben () algroup co uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]