On Wed, 9 Jul 1997, Gary Barnett wrote:
>I've been following the recent thread on the linux security list
>relating to the snprintf function.
>
>I'm not worried about the problems reported with the snprintf,
>mostly because my mud no longer runs on Linux :-) Those of
>you who aren't aware of the problem should note that snprintf
>on some Linux boxes doesn't do the bounds checking that it's
>supposed to.
The problem wasn't with the LibC library, it was with a different library
starting with a d that I've forgotten. Simple test:
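
    #include <stdio.h>
    #include <string.h>

    int main()
    {
        char buf[8192];
        char buf2[256];

        memset(buf, 33, 8192);      /* 33 is ASCII '!' */
        buf[8191] = '\0';           /* terminate the source so %s stops inside buf */
        snprintf(buf2, 256, "%s", buf);
        printf("%s\n", buf2);
        return 0;
    }
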
That will put about 8k of '!' into a 256 byte buffer. If it crashes,
refer to the BugTraq archives at www.geek-girl.com for sometime in the past
week. If it doesn't crash and prints a lot of !'s, you're ok.
And no, I haven't converted all the sprintf's to snprintf's. I'm currently
working on a patch to do such a thing though. Coming sometime soon...
-George
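
A variant of the test in the message above that reports the result instead of relying on a crash. It is an added example, not part of the original post; the names probe_snprintf and probe_result and the guard byte value are hypothetical. The destination is the first 256 bytes of an 8192-byte array, so a snprintf that ignores its size argument overwrites guard bytes inside memory the program owns.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE   256    /* size passed to snprintf, as in the post */
#define SRC_LEN    8191   /* '!' characters; 8192 bytes with the NUL */
#define GUARD_BYTE 0xA5   /* constructed canary value */

/* Hypothetical result type for this added example. */
struct probe_result {
    int ret;            /* value snprintf returned */
    int guard_intact;   /* 1 if nothing past DST_SIZE was modified */
    int terminated;     /* 1 if a NUL lies within the first DST_SIZE bytes */
    size_t stored_len;  /* length of the string actually stored */
};

struct probe_result probe_snprintf(void)
{
    static char src[SRC_LEN + 1];
    /* Destination plus guard region in one array, large enough to hold
       the whole source if the bound is ignored. */
    static unsigned char area[SRC_LEN + 1];
    struct probe_result r;
    size_t i;

    memset(src, '!', SRC_LEN);
    src[SRC_LEN] = '\0';
    memset(area, GUARD_BYTE, sizeof(area));

    r.ret = snprintf((char *)area, DST_SIZE, "%s", src);

    r.guard_intact = 1;
    for (i = DST_SIZE; i < sizeof(area); i++)
        if (area[i] != GUARD_BYTE)
            r.guard_intact = 0;

    r.terminated = memchr(area, '\0', DST_SIZE) != NULL;
    r.stored_len = r.terminated ? strlen((char *)area) : 0;
    return r;
}

int main(void)
{
    struct probe_result r = probe_snprintf();
    printf("ret=%d guard=%s terminated=%d stored=%lu\n", r.ret,
           r.guard_intact ? "intact" : "OVERWRITTEN", r.terminated,
           (unsigned long)r.stored_len);
    return (r.guard_intact && r.terminated) ? 0 : 1;
}
```

A C99-conforming snprintf stores 255 characters plus the terminator and returns 8191, the length the full output would have had; a return value of at least the size argument is how a caller detects truncation.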
This archive was generated by hypermail 2b30 : 12/08/00 PST