httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Richards <p.richa...@elsevier.co.uk>
Subject Re: Possible security problem in referer_log_transaction... ? (fwd)
Date Mon, 18 Dec 1995 23:41:55 GMT
In reply to Ben Laurie who said
> 
> I did say "check length", not "arbitrarily truncate". I would consider a
> suitable response to length overflow to be to log an error and die. Good design
> is all very well, but the design needs checking.
> 

Ok, I responded to your message with some points that related to Sameer's
call to ban sprintf. Relying on snprintf to truncate long strings is not
good design :-)

-- 
  Paul Richards. Originative Solutions Ltd.
  Internet: paul@netcraft.co.uk, http://www.netcraft.co.uk
  Phone: 0370 462071 (Mobile), +44 1225 447500 (work)

Mime
View raw message