On Tue, Dec 30, 2008 at 08:03:13PM +0100, Arthur de Jong wrote:
> I've just performed a test with the following code on my system (sid,
> hardening-wrapper not installed, compiled with gcc without any extra
> flags):
>
> char buf[20];
> strcpy(buf,"FOO");
> snprintf(buf,sizeof(buf),"%s%s",buf,"BAR");
> printf("%s\n",buf);
> strcpy(buf,"BAR");
> snprintf(buf,sizeof(buf),"%s%s","FOO",buf);
> printf("%s\n",buf);
>
> which returned
>
> BAR
> FOOFOO
Changing your code to "sprintf" (since snprintf unfortunately tends to be
in the minority still), the output for the first changes to "FOOBAR".
--
Kees Cook @debian.org
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
