httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: bounds checking and vsprintf
Date Thu, 02 Jan 1997 20:25:10 GMT
Cliff Skolnick wrote:
> 
> 
> There is no easy way.  You can always limit string length in your output 
> by using things like %3d or %10s.  This will limit output to 3 and 10 
> characters respectively.  This makes caluculating the memory needed based 
> on your string, not the variables.

vbprintf has all the machinery needed, I think - it could probably be adapted,
but it certainly isn't an easy solution.

Cheers,

Ben.

> 
> Cliff
> 
> 
> On Tue, 31 Dec 1996, Marc Slemko wrote:
> 
> > How the heck do I do decent bounds checking with vsprintf?  vsnprintf
> > isn't portable enough, and I can't think of any other method that isn't a
> > horrible hack.
> 
> > (I'm hoping to have my buffer overflow patches ready for review tomorrow
> > or the day after; rewritelog() in mod_rewrite is one of the things I still
> > have to fix, and it uses vsprintf.  <sigh>) 
> 
> --
> Cliff Skolnick, Technical Consultant
> Steam Tunnel Operations
> cliff@steam.com, 415.297.5938
> http://www.steam.com/
> 

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Mime
View raw message