On Wed, 16 Mar 2005, Russell Nelson wrote:
> I've seen Dan Bernstein (and you don't get much
> more careful or paranoid about security than Dan) write code like
> this:
>
>     static char line[999];
>
>     len = 0;
>     len += fmt_ulong(line + len,rp);
>     len += fmt_str(line + len," , ");
>     len += fmt_ulong(line + len,lp);
>     len += fmt_str(line + len,"\r\n");
>
> Of course, the number of characters that fmt_ulong will insert is
> limited by the number of bits in an unsigned long, and both strings
> are of constant length.

Ick.  Why not the simpler/clearer (and hence safer -- complexity makes
it harder to find bugs of any sort, including security ones) snprintf()
call:

    #define N_LINE 999
    static char line[N_LINE];

    len = snprintf(line, N_LINE, "%lu , %lu\r\n", rp, lp);

snprintf() first appeared in 4.4BSD and is now in C99, so any modern
system should support it by now.

ciao,
--
-- Jonathan Thornburg <[EMAIL PROTECTED]>
Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
Golm, Germany, "Old Europe" http://www.aei.mpg.de/~jthorn/home.html
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam
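
Added example (not part of either message above, and not Bernstein's code): the two styles side by side in C. demo_fmt_ulong is a stand-in written here for the quoted fmt_ulong(); the append version's worst-case length is checked at compile time, and the snprintf() version checks the return value for truncation. The values in main() are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define N_LINE 999
/* Octal digit count of an unsigned long; never less than its decimal count. */
#define ULONG_DIGITS_MAX ((sizeof(unsigned long) * CHAR_BIT + 2) / 3)
/* Worst case of the four unchecked appends: two numbers, " , " and "\r\n". */
#define WORST_CASE (2 * ULONG_DIGITS_MAX + 3 + 2)
/* Build fails (negative array size) if the appends could overrun line[]. */
typedef char worst_case_fits[(WORST_CASE < N_LINE) ? 1 : -1];

/* Stand-in (assumption) for the quoted fmt_ulong(): writes u in decimal,
   no terminating NUL, and returns the number of characters written. */
static unsigned int demo_fmt_ulong(char *s, unsigned long u)
{
    unsigned int len = 1, i;
    unsigned long q = u;
    while (q > 9) { ++len; q /= 10; }
    for (i = len; i > 0; --i) { s[i - 1] = (char)('0' + u % 10); u /= 10; }
    return len;
}

/* Unchecked-append style; safe only because of the bound checked above. */
static int format_appends(char *line, unsigned long rp, unsigned long lp)
{
    unsigned int len = 0;
    len += demo_fmt_ulong(line + len, rp);
    memcpy(line + len, " , ", 3); len += 3;
    len += demo_fmt_ulong(line + len, lp);
    memcpy(line + len, "\r\n", 2); len += 2;
    return (int)len;
}

/* snprintf() style: returns the length, or -1 on error or truncation. */
static int format_snprintf(char *line, size_t n, unsigned long rp, unsigned long lp)
{
    int len = snprintf(line, n, "%lu , %lu\r\n", rp, lp);
    return (len < 0 || (size_t)len >= n) ? -1 : len;
}

int main(void)
{
    static char a[N_LINE], b[N_LINE];
    int la = format_appends(a, 113UL, 6667UL);          /* constructed values */
    int lb = format_snprintf(b, sizeof b, 113UL, 6667UL);
    printf("appends: %d bytes, snprintf: %d bytes\n", la, lb);
    return (la == lb && memcmp(a, b, (size_t)la) == 0) ? 0 : 1;
}
```

The append version leaves no terminating NUL in the buffer, while snprintf() always writes one when the size is nonzero.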
---------------------------------------------------------------------
The Cryptography Mailing List