httpd-dev mailing list archives

From Jim Jagielski <>
Subject Re: and now back to snprintf (fwd)
Date Thu, 16 Jan 1997 02:46:17 GMT
Marc Slemko wrote:
> WRT your claim you can safely abort if there is an overflow: if you are
> able to exploit it, it is possible that the exploit would go into play
> when sprintf() does its return() depending on how they do it (ie. if they
> do something like overwriting the eip/pc/whatever your platform calls it). 
> If that happens, you will never GET to your abort. 

The point is that if we provide a simple wrapper, should it be brain-
dead and just cross our fingers and say "too bad" or should we
attempt to at least provide a wrapper that may, in some way, provide
some clues or some (admittedly minor) protection.

I vote that we either do NOT provide a last-ditch wrapper or, if
we do, it not be the simple snprintf->sprintf one. The former
is the best solution for the group; the latter opens us up to
nasty CERT advisories. If we decide to take that risk, we should do
all we can to minimize it, be that error logging or immediate
aborting or whatever. 
      Jim Jagielski            |       jaguNET Access Services           |
                  "Not the Craw... the CRAW!"
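
The two wrapper options weighed in this thread, as an added example that is not part of the original message or of the Apache source: the simple snprintf->sprintf wrapper beside a "last-ditch" variant that checks after the write. The function names, the `on_overflow` hook and the sample input are hypothetical and constructed for illustration; the demo shows that the bytes past the claimed size are already written by the time the check runs.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical hook run when an overrun is noticed; default logs and aborts. */
static void log_and_abort(size_t size, int n)
{
    fprintf(stderr, "wrapper: %d bytes into %lu-byte buffer\n", n + 1, (unsigned long)size);
    abort();
}
static void (*on_overflow)(size_t, int) = log_and_abort;

/* The simple snprintf->sprintf wrapper: the size argument is ignored. */
int naive_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    (void)size;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);
    va_end(ap);
    return n;
}

/* Last-ditch variant: same unbounded write, then an after-the-fact check. */
int lastditch_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);      /* unbounded write happens here */
    va_end(ap);
    if (n >= 0 && (size_t)n >= size)
        on_overflow(size, n);            /* reached only if vsprintf() returned */
    return n;
}

static int detections;
static void count_only(size_t size, int n) { (void)size; (void)n; detections++; }

/* Constructed demo: caller claims 8 bytes, backing array is 64 so the demo stays in bounds. */
int demo_bytes_past_claimed_size(void)
{
    char backing[64] = {0};
    on_overflow = count_only;            /* swap abort for a counter in the demo */
    detections = 0;
    int n = lastditch_snprintf(backing, 8, "%s", "0123456789ABCDEF");
    /* backing[8..16] were already overwritten before the check fired */
    return (detections == 1 && backing[15] == 'F') ? n + 1 - 8 : -1;
}

int main(void) { printf("%d\n", demo_bytes_past_claimed_size()); return 0; }
```

The check gives logging and a clean stop only in the case where control actually comes back from `vsprintf()`; a bounded formatter is the only variant that prevents the write itself.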
