
ndt-dev - Re: [ndt-dev] Replacing sprintf with snprintf

  • From: Aaron Brown
  • To: Dominic Hamon
  • Subject: Re: [ndt-dev] Replacing sprintf with snprintf
  • Date: Wed, 31 Oct 2012 18:24:02 -0400

Since all of the buffers are static sized, why not do:

+ snprintf(tmpstr, sizeof(tmpstr), "%s/%s", BASEDIR, LOGFILE);

instead of 

+ snprintf(tmpstr, TMPSTR_STRLEN, "%s/%s", BASEDIR, LOGFILE);

Gets rid of the #define's for temporary things

Cheers,
Aaron

On Oct 31, 2012, at 5:30 PM, Dominic Hamon wrote:

Hi

I noticed that there were a few instances of sprintf in the codebase that weren't taking into account the destination buffer's size. This seemed a little dangerous to me as buffer runs can lead to invalid data as well as buffer overflow attacks.

Attached is a patch that replaces every sprintf instance with a call to sprintf.

Dominic Hamon | Measurement Lab
<ndt-sprintf.patch>

TIP2013, University of Hawaii Mānoa
January 13 - January 17, 2013, Honolulu, HI
http://events.internet2.edu/2013/tip/
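The `sizeof(tmpstr)` form discussed in this message, as an added example that is not part of the thread, the attached patch or the NDT source. It shows the bound taken from the array itself, truncation detected through snprintf's return value, and the case where `sizeof` stops giving the buffer size because the array has decayed to a pointer. The helper names and the BASEDIR/LOGFILE values are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the BASEDIR and LOGFILE macros in the quoted line. */
#define BASEDIR "/tmp/example-base"
#define LOGFILE "example.log"

/* Hypothetical helper: join dir and file into dst, where dstlen is the real
 * buffer size. Returns 0 on success, -1 on truncation or formatting error. */
int join_path(char *dst, size_t dstlen, const char *dir, const char *file)
{
    int n = snprintf(dst, dstlen, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;              /* output did not fit; dst holds a cut-off path */
    return 0;
}

/* sizeof(tmpstr) is the array size because tmpstr is declared here as an array. */
int fits_in_array(void)
{
    char tmpstr[256];
    return join_path(tmpstr, sizeof(tmpstr), BASEDIR, LOGFILE) == 0
        && strcmp(tmpstr, BASEDIR "/" LOGFILE) == 0;
}

/* Too-small array: snprintf stays in bounds and NUL-terminates, but the
 * path is incomplete, so the caller must check the result before using it. */
int truncation_detected(void)
{
    char small[8];
    int rc = join_path(small, sizeof(small), BASEDIR, LOGFILE);
    return rc == -1 && strlen(small) == sizeof(small) - 1;
}

/* Pitfall: inside a callee the buffer is a char *, so sizeof yields the
 * pointer size rather than the size of the caller's array. */
size_t size_seen_by_callee(char *tmpstr)
{
    return sizeof(tmpstr);
}

int main(void)
{
    char tmpstr[256];
    printf("array fits: %d, truncation caught: %d\n",
           fits_in_array(), truncation_detected());
    printf("sizeof in caller: %zu, in callee: %zu\n",
           sizeof(tmpstr), size_seen_by_callee(tmpstr));
    return 0;
}
```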



