Re: mass bug filing for undefined sn?printf use

To: debian-devel@lists.debian.org
Subject: Re: mass bug filing for undefined sn?printf use
From: Miguel Figueiredo <elmig@debianpt.org>
Date: Sun, 28 Dec 2008 09:11:39 +0000
Message-id: <[🔎] 1230455499.2599.2.camel@dv2585ep.belkin54g>
In-reply-to: <[🔎] 20081228084246.GE12532@outflux.net>
References: <[🔎] 20081228084246.GE12532@outflux.net>

Dom, 2008-12-28 às 00:42 -0800, Kees Cook escreveu:
> Hi,
> 
> I'd like to seek advice before I perform a mass-bug filing for this
> unstable (though semi-common) use of "sprintf" and "snprintf":
> 
>     sprintf(buf, "%s foo %d %d", buf, var1, var2);
> 
> This is used in many upstreams to perform a format-string-handling
> version of strcat.

[...]

This will be reported upstream?

Reply to:

References:
- mass bug filing for undefined sn?printf use
  - From: Kees Cook <kees@outflux.net>

Prev by Date: Re: Bug#503907: diffstat
Next by Date: Re: mass bug filing for undefined sn?printf use
Previous by thread: Re: mass bug filing for undefined sn?printf use
Next by thread: Re: mass bug filing for undefined sn?printf use
Index(es):
- Date
- Thread