Re: [PATCH] vsprintf.c cleanups

From: Geert Uytterhoeven
Date: Sun Feb 27 2005 - 03:14:55 EST


On Fri, 25 Feb 2005, Horst von Brand wrote:
> Brian Gerst <bgerst@xxxxxxxxxxxxx> said:
> > Horst von Brand wrote:
> > > Brian Gerst <bgerst@xxxxxxxxxxxxx> said:
> > >
> > >>- Make sprintf call vsnprintf directly
> > >>- use INT_MAX for sprintf and vsprintf
>
> > > This is the size limit on what is written. 4GiB sounds a bit extreme...
>
> > Sprintf has no limit, which is why it's generally bad to use it. I just
> > replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.
>
> Which is the same as "no limit" in my book. Either you know a limit (in
> which case vsprintf() is OK) or you don't (in which case vsnprintf() is
> just obfuscation).

Indeed. So the only place that is allowed to pass the `no limit' value to
snprintf() is in the sprintf() wrapper that calls snprintf().

Calls to sprintf() must not be converted to snprintf(..., `no limit', ...), so
it's easier to find them when doing buffer overflow audits.

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
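
The audit concern raised in this message, as an added example that is not part of the original post or of the kernel tree: a heuristic Python scanner that reports `sprintf()`/`vsprintf()` calls and also `snprintf()`/`vsnprintf()` calls whose size argument is `INT_MAX` or `((~0U)>>1)`, the calls a plain search for `sprintf` would miss after such a conversion. The names `audit` and `call_args` and the sample input are constructed here; comments and character literals in the scanned source are not handled.

```python
import re

# sprintf, vsprintf, snprintf and vsnprintf call sites.
CALL = re.compile(r"\b(v?sn?printf)\s*\(")
# Size arguments that bound nothing: the two spellings quoted in the thread.
NO_LIMIT = re.compile(r"^\(*\s*(INT_MAX|\(\s*~\s*0U\s*\)\s*>>\s*1)\s*\)*$")
# C string literals; blanked first so their commas and parentheses are ignored.
STRING = re.compile(r'"(?:\\.|[^"\\\n])*"')

def call_args(src, pos):
    """Split the argument list starting at src[pos], just after the '('."""
    args, cur, depth = [], [], 1
    for c in src[pos:]:
        if c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:              # closing parenthesis of the call
                break
        elif c == "," and depth == 1:   # top-level comma ends an argument
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(c)
    args.append("".join(cur).strip())
    return args

def audit(src):
    """Return (line, function, reason) for each call that has no real bound."""
    src = STRING.sub('""', src)         # literals never span lines, so line numbers hold
    findings = []
    for m in CALL.finditer(src):
        name, args = m.group(1), call_args(src, m.end())
        line = src.count("\n", 0, m.start()) + 1
        if name in ("sprintf", "vsprintf"):
            findings.append((line, name, "unbounded by definition"))
        elif len(args) > 1 and NO_LIMIT.match(args[1]):
            findings.append((line, name, "size argument means no limit"))
    return findings

# Constructed input, not kernel code.
SAMPLE = '''\
char buf[16];
sprintf(buf, "%s-%d", name, id);
snprintf(buf, INT_MAX, "%s-%d", name, id);
snprintf(buf, ((~0U)>>1), "%s (%d)", name, id);
snprintf(buf, sizeof(buf), "%s, %d", name, id);
'''
```

Run over a real tree, the `sprintf()` wrapper itself is the one hit of the second kind that the message above allows.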