On Sat, 22 Feb 2003, Richard Kettlewell wrote:

> There is an internal #define (HAS_vsnprintf) that causes it to use
> vsnprintf() instead of vsprintf(), but this is not enabled by default,
> not tested for by the configure script, and not documented.

This is a fairly normal (and somewhat frightening) practice I've seen in several popular packages. Last I checked ISC dhcp has a #define for vsnprintf to be vsprintf if the UNIX flavor did not support snprintf.

medusa: {29} cd dhcp-3.0pl2
medusa: {30} grep sprintf `find . -name "*.h"` | tail -10
./includes/cf/qnx.h:# define vsnprintf( buf, size, fmt, list ) vsprintf( buf, fbuf, list )
./includes/cf/sample.h: sprintf functions which will deposit a limited number of characters
./includes/cf/sample.h:#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
./includes/cf/sco.h:/* SCO doesn't support limited sprintfs. */
./includes/cf/sco.h:#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
./includes/cf/sunos4.h:/* SunOS doesn't support limited sprintfs. */
./includes/cf/sunos4.h:#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
./includes/cf/sunos5-5.h:/* Solaris doesn't support limited sprintfs. */
./includes/cf/sunos5-5.h:#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
./includes/cf/ultrix.h:#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)

I know that Ted Lemon, the primary author, is aware of this. I've mentioned it to him a while ago. I am also not aware of this causing any security holes; although I honestly have not given his source a security audit.

There are replacement 'snprintf' packages which avoid this. Patrick Powell's replacement is used in Mutt (a popular MUA) and has a very liberal license.

-- 
Thamer Al-Harbash http://www.whitefang.com/
team dresch made me do it
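An added example, not part of the original message or of ISC dhcp: a shell audit that generalizes the grep above to flag any macro that maps snprintf/vsnprintf onto sprintf/vsprintf and so discards the size argument. The function names are hypothetical, and the sample tree is constructed, with shim lines modelled on the output quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original post): flag macros that alias the
# bounded printf family onto the unbounded one, discarding the size argument.
# Limitation: only single-line #defines are matched.

# Matches "#define [v]snprintf(args) [v]sprintf(", allowing "# define".
SHIM_RE='^[[:space:]]*#[[:space:]]*define[[:space:]]+v?snprintf[[:space:]]*\([^)]*\)[[:space:]]*v?sprintf[[:space:]]*\('

# find_unbounded_shims DIR: print "file:line:text" for every hit under DIR.
find_unbounded_shims() {
    find "$1" -type f \( -name '*.h' -o -name '*.c' \) \
        -exec grep -nE "$SHIM_RE" /dev/null {} + || :
}

# count_unbounded_shims DIR: print the number of hits (0 means clean).
count_unbounded_shims() {
    find_unbounded_shims "$1" | wc -l | tr -d ' '
}

# make_sample_tree: build a constructed tree (two shims, one clean header)
# and print its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/includes/cf"
    cat > "$d/includes/cf/sco.h" <<'EOF'
/* SCO doesn't support limited sprintfs. */
#define vsnprintf(buf, size, fmt, list) vsprintf (buf, fmt, list)
EOF
    cat > "$d/includes/cf/qnx.h" <<'EOF'
# define vsnprintf( buf, size, fmt, list ) vsprintf( buf, fbuf, list )
EOF
    cat > "$d/includes/cf/clean.h" <<'EOF'
/* Platform has a real vsnprintf; sprintf is mentioned only in this comment. */
#define HAVE_VSNPRINTF 1
EOF
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
find_unbounded_shims "$tree"
echo "unbounded shims found: $(count_unbounded_shims "$tree")"
rm -rf "$tree"
```

A non-zero count is a prompt to review every call site of the aliased function, since each one compiles without warnings while the buffer size it passes is ignored.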