Re: small c problem
Jeff Licquia <jeff@luci.org> writes:
> On Wed, Jun 30, 1999 at 08:30:51PM -0700, Darren O. Benham wrote:
> >
> > No, well, yes.. well.. for starters, you need a buffer, not a pointer.
> > rad_cmd has no space to hold "number:444". Change it to
> > char rad_cmd[x] where x is some number that will hold the maximum size of
> > the string + 1.
> >
> > Then you can do...
> >
> > sprintf( rad_cmd, "number:%u", freq_num );
>
> Please accomodate this paranoid, if you would...
>
> snprintf() is better than sprintf(), both for reliability and for
> security reasons. snprintf() takes a length parameter, and will not
> fill the buffer past its end. Using sprintf() (and strcat() for that
> matter, and all manner of other string functions) in setuid and
> root-owned processes is the #1 cause of security problems under both
> Unix and NT.
>
> Yes, this use of sprintf() is likely OK, since you control the one
> variable used. And perhaps this won't be root-owned or setuid in
> normal circumstances. Still, it's a good habit to get into.
Unfortunately, snprintf is a GNU extension and not generally available
on other Unixen. So I wouldn't use it without shipping the function
with the source (some projects do this).
Falk
Reply to: