"Secure coding" audit checkers and Kerberos
Russ Allbery
rra at stanford.edu
Tue Oct 14 22:39:31 EDT 2008
Luke Howard <lukeh at padl.com> writes:
>> Likewise, there's a public domain version of snprintf that I've been
>> using for some time for systems that either don't have snprintf (rare
>> these days) or that have a buggy / pre-C99 version (all versions of
>> Solaris prior to 9).
>
> So, did Sun change the return value in Solaris 9?
Yes, or perhaps Solaris 10. I know they changed it, but don't remember
the point when that happened.
> snprintf() first appeared on Solaris 2.6 but its behaviour differs to
> most other platforms, in that it returns the number of bytes that would
> have been written regardless of buffer size.
I think you accidentally got that backwards. That's the behavior
everywhere else, and is required by C99, but Solaris returned -1 instead.
The other thing to watch out for with snprintf is that some
implementations (older Solaris again, IIRC) don't allow the size to be 0
and str to be NULL to get a count of how much space would be required.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list