In message <[EMAIL PROTECTED]> Brian Fundakowski Feldman writes:
: Despite the fact that the buffer name[] was made to be exactly the
: largest size, where sprintf() _would_be_safe_, some people insist
: on using snprintf() "for stability".  Don't get caught doing this.
: If you find a strcat() (for example), see if it's safe.  If it is,
: then why replace it?

No.  You missed the point.  It is called fail-safe programming.  Even
though today's use of sprintf is safe, changes to the program can make
it unsafe in the future.  snprintf remains safe through most, if not
all, of those changes.  The changes that make sprintf unsafe can be
more subtle than the skills of the committer making the change, as the
project frequently has novice people making changes.  These should be
caught, but aren't always.  snprintf increases the likelihood that
these people will be able to make safe changes to the code.

Warner
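
The fail-safe argument above, as an added example that is not part of the original thread: a buffer sized exactly for today's input, formatted with snprintf() and a truncation check. The struct, the function names, the "sio" prefix and the 0..99 unit range are assumptions made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizing: 3-char driver prefix + unit 0..99 + NUL = 6 bytes,
 * i.e. "exactly the largest size" for today's callers. */
#define NAME_LEN 6

struct dev {
    char name[NAME_LEN];
    char guard[4];  /* neighbour that an overflowing sprintf() would overwrite */
};

struct dev sample = { "", "GRD" };

/* Format prefix+unit into d->name. Returns 0 if it fit, -1 if truncated. */
int dev_set_name(struct dev *d, const char *prefix, int unit)
{
    int n = snprintf(d->name, sizeof d->name, "%s%d", prefix, unit);

    /* snprintf returns the length it wanted to write; >= size means cut off. */
    if (n < 0 || (size_t)n >= sizeof d->name)
        return -1;
    return 0;
}

/* Returns 1 if the field after name[] is untouched. */
int guard_intact(const struct dev *d)
{
    return memcmp(d->guard, "GRD", sizeof d->guard) == 0;
}

int main(void)
{
    /* Today's input: fits exactly. */
    printf("%d %s\n", dev_set_name(&sample, "sio", 99), sample.name);
    /* A later change allows unit 100: one byte too many for name[]. */
    printf("%d %s guard_ok=%d\n", dev_set_name(&sample, "sio", 100),
           sample.name, guard_intact(&sample));
    return 0;
}
```

With sprintf() in place of snprintf(), the second call would write seven bytes into the six-byte name[] and spill into guard[].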


