ndt-dev - Re: [ndt-dev] Replacing sprintf with snprintf

Subject: NDT-DEV email list created

List archive

Re: [ndt-dev] Replacing sprintf with snprintf

From: Aaron Brown <>
To: Dominic Hamon <>
Cc:
Subject: Re: [ndt-dev] Replacing sprintf with snprintf
Date: Wed, 31 Oct 2012 18:24:02 -0400

Since all of the buffers are static sized, why not do:

+ snprintf(tmpstr, sizeof(tmpstr), "%s/%s", BASEDIR, LOGFILE);

instead of

+ snprintf(tmpstr, TMPSTR_STRLEN, "%s/%s", BASEDIR, LOGFILE);

Gets rid of the #define's for temporary things

Cheers,

Aaron

On Oct 31, 2012, at 5:30 PM, Dominic Hamon <> wrote:

Hi

I noticed that there were a few instances of sprintf in the codebase that weren't taking into account the destination buffer's size. This seemed a little dangerous to me as buffer runs can lead to invalid data as well as buffer overflow attacks.

Attached is a patch that replaces every sprintf instance with a call to sprintf.

Dominic Hamon | Measurement Lab
http://measurementlab.net

<ndt-sprintf.patch>

TIP2013, University of Hawaii Mānoa
January 13 - January 17, 2013, Honolulu, HI
http://events.internet2.edu/2013/tip/

[ndt-dev] Replacing sprintf with snprintf, Dominic Hamon, 10/31/2012
- Re: [ndt-dev] Replacing sprintf with snprintf, Aaron Brown, 10/31/2012
  - Re: [ndt-dev] Replacing sprintf with snprintf, Dominic Hamon, 10/31/2012

List archive

Re: [ndt-dev] Replacing sprintf with snprintf