Re: small c problem
On Wed, Jun 30, 1999 at 08:30:51PM -0700, Darren O. Benham wrote:
> No, well, yes.. well.. for starters, you need a buffer, not a pointer.
> rad_cmd has no space to hold "number:444". Change it to
> char rad_cmd[x] where x is some number that will hold the maximum size of
> the string + 1.
> Then you can do...
> sprintf( rad_cmd, "number:%u", freq_num );
Please accomodate this paranoid, if you would...
snprintf() is better than sprintf(), both for reliability and for
security reasons. snprintf() takes a length parameter, and will not
fill the buffer past its end. Using sprintf() (and strcat() for that
matter, and all manner of other string functions) in setuid and
root-owned processes is the #1 cause of security problems under both
Unix and NT.
Yes, this use of sprintf() is likely OK, since you control the one
variable used. And perhaps this won't be root-owned or setuid in
normal circumstances. Still, it's a good habit to get into.
No offense intended or implied of anyone. Please don't get ruffled;
I'd rather be a bit paranoid than see Debian's name front and center
on bugtraq any more than it has to.