
Re: small c problem



Jeff Licquia <jeff@luci.org> writes:

> On Wed, Jun 30, 1999 at 08:30:51PM -0700, Darren O. Benham wrote:
> > 
> > No, well, yes.. well.. for starters, you need a buffer, not a pointer.
> > rad_cmd has no space to hold "number:444".  Change it to 
> > char rad_cmd[x] where x is some number that will hold the maximum size of
> > the string + 1.
> > 
> > Then you can do...
> > 
> > sprintf( rad_cmd, "number:%u", freq_num );
> 
> Please accommodate this paranoid, if you would...
> 
> snprintf() is better than sprintf(), both for reliability and for
> security reasons.  snprintf() takes a length parameter, and will not
> fill the buffer past its end.  Using sprintf() (and strcat() for that
> matter, and all manner of other string functions) in setuid and
> root-owned processes is the #1 cause of security problems under both
> Unix and NT.
> 
> Yes, this use of sprintf() is likely OK, since you control the one
> variable used.  And perhaps this won't be root-owned or setuid in
> normal circumstances.  Still, it's a good habit to get into.

Unfortunately, snprintf is a GNU extension and not generally available
on other Unixen. So I wouldn't use it without shipping the function
with the source (some projects do this).



	Falk
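The bounded form of the `sprintf()` call discussed in this thread, with the buffer sized for the worst case and truncation treated as an error. This is an added example, not code from any poster's message; `format_rad_cmd` and `RAD_CMD_MAX` are hypothetical names, and a C99-conforming `snprintf()` is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Worst case for "number:%u": the 7-character prefix, the decimal digits of
 * UINT_MAX (at most bits/3 + 1 of them), and the terminating NUL. */
#define RAD_CMD_MAX \
    (sizeof("number:") - 1 + (sizeof(unsigned) * CHAR_BIT) / 3 + 1 + 1)

/* Hypothetical helper: formats the command into buf.
 * Returns 0 on success, -1 on error or if the result would not fit. */
int format_rad_cmd(char *buf, size_t buflen, unsigned freq_num)
{
    int n;

    if (buf == NULL || buflen == 0)
        return -1;

    n = snprintf(buf, buflen, "number:%u", freq_num);

    /* C99: n is the length the full string would have had. n >= buflen
     * means the output was cut short. Some pre-C99 implementations
     * return a negative value on truncation instead; n < 0 covers that. */
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0';          /* never hand a truncated command onward */
        return -1;
    }
    return 0;
}

int main(void)
{
    char rad_cmd[RAD_CMD_MAX];  /* a buffer, not an uninitialized pointer */
    char tiny[8];               /* constructed: too small on purpose */

    if (format_rad_cmd(rad_cmd, sizeof rad_cmd, 444) == 0)
        printf("%s\n", rad_cmd);
    if (format_rad_cmd(tiny, sizeof tiny, 444) != 0)
        printf("rejected: does not fit in %zu bytes\n", sizeof tiny);
    return 0;
}
```

Checking the return value matters as much as passing the length: a silently truncated command string is still a bug, just not a memory-corrupting one.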

