Received: by taz.hyperreal.com (8.6.12/8.6.5) id KAA23098;
 Thu, 16 May 1996 10:10:52 -0700
Received: from sierra.zyzzyva.com by taz.hyperreal.com (8.6.12/8.6.5) with
 ESMTP id KAA23091; Thu, 16 May 1996 10:10:47 -0700
Received: from zyzzyva.com (localhost [127.0.0.1]) by sierra.zyzzyva.com
 (8.7.5/8.6.11) with ESMTP id MAA14588 for <new-httpd@hyperreal.com>;
 Thu, 16 May 1996 12:10:43 -0500 (CDT)
Message-Id: <199605161710.MAA14588@sierra.zyzzyva.com>
To: new-httpd@hyperreal.com
Subject: Re: rprintf lives 
In-reply-to: ben's message of Thu, 16 May 1996 17:05:47 +0100.
         <9605161705.aa19370@gonzo.ben.algroup.co.uk>
X-uri: http://www.zyzzyva.com/
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 16 May 1996 12:10:43 -0500
From: Randy Terbush <randy@zyzzyva.com>
Sender: owner-new-httpd@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

> Randy Terbush wrote:
> > 
> > I took a stab at reimplementing rprintf() in hopes to eliminate some
> > of the incompatibility with older modules. Here's a patch relative
> > to current source.  If this does not get shot down, could someone
> > please commit it?
> 
> The reason rprintf has not been implemented in this way is the security risk
> associated with the fixed length buffer. In the old scheme of things it
> translated to an fprintf, which has no such problem. This is why there was all
> the talk of nabbing someone's printf code to incorporate.
> 
> Cheers,
> 
> Ben.

Using snprintf should eliminate the problem of overwriting the
buffer, no?  Admitedly, snprintf() may not exist on all OSs.

I did take a look at the printf code in FreeBSD. It's a lot of 
code. More than I have time for at the moment.