"Barry A. Warsaw" wrote:
>
> >>>>> "PP" == Paul Prescod <paul@prescod.net> writes:
>
>     PP> Add an implementation of snprintf to our code and fix the
>     PP> other hundred or so sprintf occurrences to use it. Most of
>     PP> them are safe but it couldn't hurt to pass cleanly through
>     PP> those heuristic security checkers
>
>     PP> Here's one:
>
>     PP> http://www.ijs.si/software/snprintf/
>
>     PP> And there is one in Apache.
>
> And one in Mailman, ripped from GNU screen. Because it's GPL'd it's
> not appropriate for Python, but could serve as another source of
> inspiration. So far, of the platforms people try to run Mailman on,
> I've only found it necessary for Solaris 2.5.

Isn't there one in FreeBSD which we could use (Python's license being
very BSDish, this should be possible, I guess).

Anyway, I think most platforms have their own snprintf() in the C lib,
so the code would hardly ever be needed -- perhaps it's even safe to
revert to sprintf() on those platforms via a macro snprintf().

The reasoning here is simple: if the platform doesn't provide it, it's
quite possibly unsafe in a network environment anyway, because many
programs will use sprintf() instead of snprintf() and thus won't do
much buffer overflow checking.

--
Marc-Andre Lemburg
______________________________________________________________________
Business:                                      http://www.lemburg.com/
Python Pages:                           http://www.lemburg.com/python/
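The thread is about replacing unbounded sprintf() calls with snprintf() so that a fixed-size buffer cannot be overrun. The following is an added example, not code from Python, Mailman, Apache or the snprintf package linked above; it shows the three patterns a reviewer would want in place of a bare sprintf(): a bounded wrapper that reports truncation instead of overflowing, a measure-then-allocate formatter, and a check that computes whether a given sprintf() call would have overflowed without ever performing the unsafe write. It relies on the C99 guarantee that vsnprintf() returns the length the full output would have had, which is exactly the semantics some older libc snprintf() implementations (the ones the thread discusses shipping a replacement for) did not provide. The function names, buffer size and sample input are assumptions made for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded replacement for sprintf(): formats into out[0..outsz-1], always
 * NUL-terminates when outsz > 0, and returns 1 only if the whole string fit.
 * A result that did not fit is truncated and reported, never written past
 * the end of the buffer. Requires C99 vsnprintf() return semantics. */
int bounded_format(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);

    if (n < 0) {                 /* encoding error: leave a defined, empty string */
        if (outsz) out[0] = '\0';
        return 0;
    }
    return (size_t)n < outsz;    /* n is the length the full output would have */
}

/* Measure-then-allocate: returns a malloc'd, exactly sized string, or NULL.
 * The caller frees it. vsnprintf(NULL, 0, ...) reports the needed length
 * without writing anything, so no fixed buffer is involved at all. */
char *alloc_format(const char *fmt, ...)
{
    va_list ap;
    int n;
    char *buf;

    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (n < 0) return NULL;

    buf = malloc((size_t)n + 1);
    if (!buf) return NULL;

    va_start(ap, fmt);
    vsnprintf(buf, (size_t)n + 1, fmt, ap);
    va_end(ap);
    return buf;
}

/* Would sprintf(buf, fmt, ...) into a buffer of bufsz bytes overflow?
 * Answered from the length vsnprintf() reports, so the unsafe write is
 * never performed. This is the check a "heuristic security checker" cannot
 * make statically for data that only arrives at run time. */
int sprintf_would_overflow(size_t bufsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n < 0 || (size_t)n + 1 > bufsz;   /* +1 for the terminating NUL */
}

/* Demo with a 16-byte stack buffer and a constructed, over-long "user name"
 * standing in for attacker-controlled input from the network. */
int main(void)
{
    char buf[16];
    const char *short_name = "bob";
    const char *long_name = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";   /* 32 bytes */
    char *dyn;

    printf("short fits: %d -> \"%s\"\n",
           bounded_format(buf, sizeof buf, "user=%s", short_name), buf);
    printf("long fits:  %d -> \"%s\" (truncated, still NUL-terminated)\n",
           bounded_format(buf, sizeof buf, "user=%s", long_name), buf);
    printf("sprintf would overflow the 16-byte buffer: %d\n",
           sprintf_would_overflow(sizeof buf, "user=%s", long_name));

    dyn = alloc_format("user=%s", long_name);
    if (dyn) {
        printf("alloc_format: %zu bytes -> \"%s\"\n", strlen(dyn), dyn);
        free(dyn);
    }
    return 0;
}
```

The return-value check in bounded_format() is the part most callers forget: snprintf() alone stops the overflow, but a caller that ignores the returned length will silently operate on a truncated string, which in a path, header or command line is its own class of bug. On a platform whose snprintf() returns -1 on truncation rather than the full length, the `(size_t)n < outsz` test still reports "did not fit", but alloc_format() and sprintf_would_overflow() cannot be implemented this way, which is why the thread treats shipping a known-good snprintf() as worthwhile.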