In message <[EMAIL PROTECTED]> Brian Fundakowski Feldman writes:
: Despite the fact that the buffer name[] was made to be exactly the
: largest size, where sprintf() _would_be_safe_, some people insist
: on using snprintf() "for stability". Don't get caught doing this.
: If you find a strcat() (for example), see if it's safe. If it is,
: then why replace it?

No. You missed the point. It is called fail-safe programming. Even though today's use of sprintf is safe, changes to the program can make it unsafe in the future. snprintf remains safe through most, if not all, of those changes.

The changes that make sprintf unsafe can be more subtle than the skills of the committer making the change, as the project frequently has novice people making changes. These should be caught, but aren't always. snprintf increases the likelihood that these people will be able to make safe changes to the code.

Warner
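The point debated in this message, as an added example that is not part of the original post or of FreeBSD's code: a buffer sized exactly for today's input, and what a later change does to it. The names `NAMELEN`, `make_name`, `sprintf_would_write` and the "tun"/"vlan" prefixes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed scenario: name[] is sized for exactly "tun" + 3 digits + NUL,
 * the case where an unbounded sprintf() "would be safe". */
#define NAMELEN 7

/* Bytes, including the NUL, that sprintf(name, "%s%d", ...) would write.
 * Measured with a zero-length snprintf() so nothing is actually overrun. */
static size_t sprintf_would_write(const char *prefix, int unit)
{
    int n = snprintf(NULL, 0, "%s%d", prefix, unit);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded form: name[] is always NUL-terminated within NAMELEN bytes.
 * Returns 0 if the whole name fit, -1 if it was truncated or on error. */
static int make_name(char name[NAMELEN], const char *prefix, int unit)
{
    int n = snprintf(name, NAMELEN, "%s%d", prefix, unit);
    return (n < 0 || (size_t)n >= NAMELEN) ? -1 : 0;
}

int main(void)
{
    /* "tun" is the original caller; "vlan" stands for a later change made
     * without revisiting NAMELEN (both constructed). */
    const char *prefixes[] = { "tun", "vlan" };
    char name[NAMELEN];

    for (size_t i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); i++) {
        int rc = make_name(name, prefixes[i], 255);
        printf("%-4s sprintf would write %zu of %d bytes; snprintf -> \"%s\" (%s)\n",
               prefixes[i], sprintf_would_write(prefixes[i], 255), NAMELEN,
               name, rc == 0 ? "fits" : "truncated, caller must handle");
    }
    return 0;
}
```

The bounded call turns the later mistake into a truncated name and an error return the caller can check, rather than a write past the end of `name[]`.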