From owner-freebsd-current Tue Nov 23 23:47:47 1999
Message-Id: <199911240745.AAA18867@harmony.village.org>
To: Brian Fundakowski Feldman
Subject: Re: FreeBSD security auditing project.
Cc: peter.jeremy@alcatel.com.au, Kris Kennaway, current@FreeBSD.ORG
In-reply-to: Your message of "Tue, 23 Nov 1999 23:33:14 EST."
Date: Wed, 24 Nov 1999 00:45:33 -0700
From: Warner Losh

In message Brian Fundakowski Feldman writes:
: Despite the fact that the buffer name[] was made to be exactly the
: largest size, where sprintf() _would_be_safe_, some people insist
: on using snprintf() "for stability". Don't get caught doing this.
: If you find a strcat() (for example), see if it's safe. If it is,
: then why replace it?

No. You missed the point. It is called fail-safe programming. Even though today's use of sprintf is safe, changes to the program can make it unsafe in the future. snprintf remains safe through most, if not all, of those changes. The changes that make sprintf unsafe can be more subtle than the skills of the committer making the change, as the project frequently has novice people making changes. These should be caught, but aren't always. snprintf increases the likelihood that these people will be able to make safe changes to the code.
Warner
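The fail-safe point made above, as an added C example that is not part of Warner's message or of the FreeBSD code under discussion: a name[] buffer sized exactly for today's largest output, and the kind of later change (ids growing from four to five digits) that would make sprintf() write past the buffer but that snprintf() turns into a reported truncation. The NAME_LEN sizing and the "user-%u" format are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: name[] is sized exactly for "user-" + four
 * digits + NUL, the situation the thread describes, where sprintf()
 * is safe *today* only because every id currently fits in four digits. */
#define NAME_LEN (sizeof("user-") - 1 + 4 + 1)

/* Formats the name into out[] and returns 1 if it fit, 0 if it was
 * truncated. snprintf() never writes more than NAME_LEN bytes, and its
 * return value (the length that *would* have been written) tells us
 * whether the original sizing assumption still holds after later edits.
 * A plain sprintf() here would silently overrun out[] instead. */
int format_name(char out[NAME_LEN], unsigned id)
{
    int needed = snprintf(out, NAME_LEN, "user-%u", id);
    if (needed < 0) {          /* encoding error: leave a valid empty string */
        out[0] = '\0';
        return 0;
    }
    return (size_t)needed < NAME_LEN;
}

/* Convenience wrappers so the result can be checked without the caller
 * managing a buffer. */
int name_fits(unsigned id)
{
    char buf[NAME_LEN];
    return format_name(buf, id);
}

static char last_name[NAME_LEN];
const char *format_name_static(unsigned id)
{
    format_name(last_name, id);
    return last_name;
}

/* The later change the thread warns about: an id that now needs five
 * digits. With sprintf() this would overflow name[] by one byte; with
 * snprintf() it is truncated and reported. */
int main(void)
{
    char name[NAME_LEN];
    unsigned ids[] = { 7, 9999, 10000 };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        int ok = format_name(name, ids[i]);
        printf("id=%u -> \"%s\" (%s)\n", ids[i], name, ok ? "fits" : "truncated");
    }
    return 0;
}
```

Checking the return value is what makes the truncation visible; snprintf() alone only keeps the overrun from happening.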