In message <20190711014729.gb23...@freebsd.org>, Alexey Dokuchaev writes: > On Wed, Jul 10, 2019 at 05:42:04PM +0000, Philip Paeps wrote: > > New Revision: 349890 > > URL: https://svnweb.freebsd.org/changeset/base/349890 > > > > Log: > > telnet: fix a couple of snprintf() buffer overflows > > > > Modified: head/contrib/telnet/telnet/commands.c > > @@ -1655,10 +1655,11 @@ env_init(void) > > char hbuf[256+1]; > > char *cp2 = strchr((char *)ep->value, ':'); > > > > - gethostname(hbuf, 256); > > - hbuf[256] = '\0'; > > - cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1); > > - sprintf((char *)cp, "%s%s", hbuf, cp2); > > Would it make sense to add something like __attribute__ ((deprecated)) > to those unsafe functions like gets(), sprintf(), etc.? Or it would > cause too much PITA?
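Review bot: in the removed lines of the env_init() hunk, the malloc() result goes straight into sprintf() with no NULL check, and the return value of `gethostname(hbuf, 256);` is ignored. The quote stops before the added lines, so it is worth confirming that the replacement checks both. The removed allocation, strlen(hbuf) + strlen(cp2) + 1, already matches what "%s%s" writes, so the log message would be clearer if it named the call that actually overflowed.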
sprintf() is not deprecated (https://en.cppreference.com/w/c/io/fprintf).

gets() is removed in C11 (https://en.cppreference.com/w/c/io/gets), replaced by gets_s(). We already have gets_s(). We need printf_s(), sprintf_s() and snprintf_s().

--
Cheers,
Cy Schubert <cy.schub...@cschubert.com>
FreeBSD UNIX: <c...@freebsd.org> Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.
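A formatting call that fails closed on truncation, the behaviour the thread is asking for from bounds-checked variants, can be built on C99 vsnprintf() alone. This is an added example, not code from the commit or from FreeBSD; checked_snprintf() and join_host_suffix() are hypothetical names and the strings passed to them are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not a libc or FreeBSD API): format into dst and
 * fail closed instead of truncating. Returns 0 on success, -1 on an
 * encoding error or if the output plus its NUL does not fit in dstsize. */
static int
checked_snprintf(char *dst, size_t dstsize, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (dst == NULL || dstsize == 0)
		return (-1);
	va_start(ap, fmt);
	n = vsnprintf(dst, dstsize, fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= dstsize) {
		dst[0] = '\0';	/* never hand back a truncated string */
		return (-1);
	}
	return (0);
}

/* Hypothetical helper: build "<host><suffix>" in freshly allocated memory,
 * with every step checked. Returns NULL on failure; the caller frees. */
static char *
join_host_suffix(const char *host, const char *suffix)
{
	size_t len;
	char *out;

	if (host == NULL || suffix == NULL)
		return (NULL);
	len = strlen(host) + strlen(suffix) + 1;	/* +1 for the NUL */
	if ((out = malloc(len)) == NULL)
		return (NULL);
	if (checked_snprintf(out, len, "%s%s", host, suffix) != 0) {
		free(out);
		return (NULL);
	}
	return (out);
}
```

The `(size_t)n >= dstsize` comparison is the part plain snprintf() callers most often omit: the function reports the length it wanted to write, and only the caller can turn that into an error.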