
Re: [leafnode-list] [ANNOUNCE] First Leafnode-2.0 beta version



Phil Hunt wrote:
> On Wed, 25 Oct 2000, Cornelius Krasel wrote:
> > It is not easy to replace vsnprintf(). One could use vsprintf() instead,
> > but this would make Leafnode potentially vulnerable to buffer overflow
> > type attacks.
> 
> Would it not be possible to cut-and-paste the code for vsnprintf() into
> the Leafnode code (perhaps under a different name, to avoid conflicts)?

Nope, because of licensing problems.

2.0b3 will contain the following crude hack:

#ifndef HAVE_VSNPRINTF
/*
 * very poor replacement for vsnprintf(), only made to make Leafnode
 * compile on OSF1. Prone to buffer overflows.
 */
int vsnprintf( char *str, size_t n, const char *format, va_list ap ) {
    return( vsprintf( str, format, ap ) );
}
#endif /* HAVE_VSNPRINTF */

More elegant would be a real replacement similar to the snprintf()
replacement in miscutil.c.

--Cornelius.

PS: I fixed the leafwa URL.

-- 
/* Cornelius Krasel, U Wuerzburg, Dept. of Pharmacology, Versbacher Str. 9 */
/* D-97078 Wuerzburg, Germany   email: phak004@xxxxxxxxxxxxxxxxxxxxxx  SP4 */
/* "Science is the game we play with God to find out what His rules are."  */
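
A bounded fallback that avoids the overflow noted above without copying another implementation's source, as an added example (not Leafnode's code and not part of the original message): it formats into a temporary file first, so the output length is known before anything reaches the caller's buffer. The names bounded_vsnprintf and bounded_snprintf are hypothetical, and the sketch assumes tmpfile() works on the target system.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * bounded_vsnprintf (hypothetical name): writes at most n-1 bytes plus a
 * NUL into str and returns the full formatted length (C99 convention), or
 * -1 on error. The va_list is consumed exactly once, so no va_copy() is
 * needed on systems that lack it.
 */
int bounded_vsnprintf(char *str, size_t n, const char *format, va_list ap)
{
    FILE *tmp = tmpfile();
    int len;
    size_t want, got;
    if (tmp == NULL)
        return -1;
    len = vfprintf(tmp, format, ap);      /* unbounded, but goes to a file */
    if (len < 0 || fflush(tmp) != 0) { fclose(tmp); return -1; }
    if (n > 0) {
        want = ((size_t)len < n - 1) ? (size_t)len : n - 1;
        rewind(tmp);
        got = fread(str, 1, want, tmp);   /* never more than n-1 bytes */
        str[got] = '\0';
        if (got != want) { fclose(tmp); return -1; }
    }
    fclose(tmp);
    return len;
}

/* Variadic wrapper used to drive the function above. */
int bounded_snprintf(char *str, size_t n, const char *format, ...)
{
    va_list ap;
    int len;
    va_start(ap, format);
    len = bounded_vsnprintf(str, n, format, ap);
    va_end(ap);
    return len;
}

int main(void)
{
    char buf[8];                          /* constructed sample input */
    int len = bounded_snprintf(buf, sizeof buf, "%s-%d", "newsgroup", 2000);
    printf("wanted %d bytes, stored \"%s\"\n", len, buf);
    return 0;
}
```

The file round trip makes this slow, so it only suits platforms where vsnprintf() is missing entirely.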
