Re: [linux-security] so-called snprintf() in db-1.85.4 (fwd)

[jzbiciak () DALDD SC TI COM (Joe Zbiciak)]

'Aleph One' said previously:
|
| Hi,
|
| There is a severe problem with the db-1.85.4 library's Linux
| port that can be found on sunsite.unc.edu under
| /pub/Linux/libs/db-1.85.4-src.tar.gz (sp?): This library
| contains a "snprintf" function which breaks down to a common
| sprintf, ignoring the size parameter. [...]

The old Linux libbsd (whose source is included in a subdirectory
of the libc source) had such an snprintf as well.  I would imagine
anybody linking against an old libbsd would have this same
problem.

To quote the source file:

/* snprintf.c - emulate BSD snprintf with sprintf - rick sladkey */

#include <stdio.h>
#include <stdarg.h>

int snprintf(char *s, int len, char *format, ...)
{
        You are trying to do something very wrong.
        Don't use this source if you want to stay alive!

        va_list args;
        int result;

        va_start(args, format);
        result = vsprintf(s, format, args);
        va_end(args);
        return result;
}


Somebody obviously had enough of a sense of humor to place the
(non-comment-enclosed) statement in this version.  Apparently, once
upon a time that was an active part of the library.  (*shudder*)


Regards,

--Joe

--
 +--------------Joseph Zbiciak--------------+
 |- - - - jzbiciak () daldd sc ti com - - - - -|
 | - - http://www.primenet.com/~im14u2c - - |      Not your average "Joe."
 |- - - - Texas Instruments,  Dallas - - - -|
 +-------#include <std_disclaimer.h>--------+