On Fri, 25 Feb 2005, Horst von Brand wrote:
> Brian Gerst <[EMAIL PROTECTED]> said:
> > Horst von Brand wrote:
> > > Brian Gerst <[EMAIL PROTECTED]> said:
> > > 
> > >>- Make sprintf call vsnprintf directly
> > >>- use INT_MAX for sprintf and vsprintf
> 
> > > This is the size limit on what is written. 4GiB sounds a bit extreme...
> 
> > Sprintf has no limit, which is why it's generally bad to use it.  I just 
> > replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.
> 
> Which is the same as "no limit" in my book. Either you know a limit (in
> which case vsprintf() is OK) or you don't (in which case vsnprintf() is
> just obfuscation).

Indeed. So the only place that is allowed to pass the `no limit' value to
snprintf() is in the sprintf() wrapper that calls snprintf().

Calls to sprintf() must not be converted to snprintf(..., `no limit', ...), so
it's easier to find them when doing buffer overflow audits.

Gr{oetje,eeting}s,

                                                Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [EMAIL PROTECTED]

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                                            -- Linus Torvalds
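
Added example, not part of the original message or of the kernel patch under discussion: a userspace C illustration of the arrangement described above, where the sprintf()-style wrapper is the only caller that hands the "no limit" size to vsnprintf(), and code that knows its limit passes the real size and checks for truncation. The names demo_sprintf and demo_label are hypothetical.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>

/* The open-coded value and INT_MAX are the same number. */
_Static_assert(((~0U) >> 1) == INT_MAX, "(~0U)>>1 must equal INT_MAX");

/*
 * demo_sprintf (hypothetical name, stands in for sprintf): the single
 * place that passes the "no limit" size. It gives no overflow protection;
 * the caller must already know that buf is large enough.
 * noinline keeps this a real call in optimized builds.
 */
__attribute__((noinline, format(printf, 2, 3)))
int demo_sprintf(char *buf, const char *fmt, ...)
{
	va_list args;
	int n;

	va_start(args, fmt);
	n = vsnprintf(buf, INT_MAX, fmt, args);
	va_end(args);
	return n;
}

/*
 * demo_label (hypothetical): a caller that knows its limit passes the real
 * buffer size and treats truncation as an error instead of ignoring it.
 * Returns the length written, or -1 if "name-id" did not fit in dstsz.
 */
int demo_label(char *dst, size_t dstsz, const char *name, int id)
{
	int n = snprintf(dst, dstsz, "%s-%d", name, id);

	if (n < 0 || (size_t)n >= dstsz)
		return -1;	/* dst holds a truncated, NUL-terminated prefix */
	return n;
}

int main(void)
{
	char big[32], small[4];

	printf("%d %s\n", demo_sprintf(big, "%s-%d", "eth", 0), big);
	printf("%d\n", demo_label(small, sizeof(small), "eth", 0));
	printf("%s\n", small);
	return 0;
}
```

An audit that searches for sprintf( finds every unbounded site as long as demo_sprintf's body is the only place where INT_MAX is passed as a size.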