Re: snprintf?!?

From: George (greerga@MIAVX1.ACS.MUOHIO.EDU)
Date: 07/10/97


On Wed, 9 Jul 1997, Gary Barnett wrote:

>I've been following the recent thread on the linux security list
>relating to the snprintf function.
>
>I'm not worried about the problems reported with the snprintf,
>mostly because my mud no longer runs on Linux :-) Those of
>you who aren't aware of the problem should note that snprintf
>on some Linux boxes doesn't do the bounds checking that it's
>supposed to.

The problem wasn't with the LibC library, it was with a different library
starting with a d that I've forgotten.  Simple test:

#include <stdio.h>
#include <string.h>

int main()
{
  char buf[8192];
  char buf2[256];

  memset(buf, 33, 8192);
  snprintf(buf2, 256, "%s", buf);
  printf("%s\n", buf2);
}

That will put about 8k of '!' into a 256 byte buffer.  If it crashes,
refer to the BugTraq archives at www.geek-girl.com for sometime in the past
week.  If it doesn't crash and prints a lot of !'s, you're ok.

And no, I haven't converted all the sprintf's to snprintf's.  I'm currently
working on a patch to do such a thing though.  Coming sometime soon...

-George


      +-----------------------------------------------------------+
      | Ensure that you have read the CircleMUD Mailing List FAQ: |
      |   http://cspo.queensu.ca/~fletcher/Circle/list-faq.html   |
      +-----------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/08/00 PST