On Sun, 14 Nov 1999, A.M. Kuchling wrote: > Making the caller responsible for this is error-prone. The danger, of > course, is a buffer overflow caused by generating an error string > that's larger than the buffer, possibly letting people execute > arbitrary code. We could add a test to the configure script for > vsnprintf() and use it when possible, but that only fixes the problem > on platforms which have it. Can we find an implementation of > vsnprintf() someplace? Apache has a safe implementation (they have reviewed the heck out of it for obvious reasons :-). In the Apache source distribution, it is located in src/ap/ap_snprintf.c. Cheers, -g -- Greg Stein, http://www.lyra.org/
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4