httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: rprintf lives
Date Thu, 16 May 1996 17:10:43 GMT
> Randy Terbush wrote:
> > 
> > I took a stab at reimplementing rprintf() in hopes to eliminate some
> > of the incompatibility with older modules. Here's a patch relative
> > to current source.  If this does not get shot down, could someone
> > please commit it?
> 
> The reason rprintf has not been implemented in this way is the security risk
> associated with the fixed length buffer. In the old scheme of things it
> translated to an fprintf, which has no such problem. This is why there was all
> the talk of nabbing someone's printf code to incorporate.
> 
> Cheers,
> 
> Ben.

Using snprintf should eliminate the problem of overwriting the
buffer, no?  Admitedly, snprintf() may not exist on all OSs.

I did take a look at the printf code in FreeBSD. It's a lot of 
code. More than I have time for at the moment.





Mime
View raw message