"Secure coding" audit checkers and Kerberos
jhutz at cmu.edu
Wed Oct 15 11:54:18 EDT 2008
--On Tuesday, October 14, 2008 07:39:31 PM -0700 Russ Allbery
<rra at stanford.edu> wrote:
> Luke Howard <lukeh at padl.com> writes:
>>> Likewise, there's a public domain version of snprintf that I've been
>>> using for some time for systems that either don't have snprintf (rare
>>> these days) or that have a buggy / pre-C99 version (all versions of
>>> Solaris prior to 9).
>> So, did Sun change the return value in Solaris 9?
> Yes, or perhaps Solaris 10. I know they changed it, but don't remember
> the point when that happened.
>> snprintf() first appeared on Solaris 2.6 but its behaviour differs to
>> most other platforms, in that it returns the number of bytes that would
>> have been written regardless of buffer size.
> I think you accidentally got that backwards. That's the behavior
> everywhere else, and is required by C99, but Solaris returned -1 instead.
> The other thing to watch out for with snprintf is that some
> implementations (older Solaris again, IIRC) don't allow the size to be 0
> and str to be NULL to get a count of how much space would be required.
The simple answer here is that the return value of snprintf simply cannot
be relied upon, unless it has been tested. In fact, it's not just Solaris
that returned -1 when the buffer is too small; they were just late to
change. Many platforms used to behave that way. The same goes for the 0/0
call to determine the size, the results of which were undefined before C99.
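
An added example, not part of the original message: one way to call snprintf without depending on which return convention the platform uses. The helper names fmt_checked and fmt_alloc are hypothetical, and the 1 MiB cap is an arbitrary choice for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns 0 only if the whole string fit in buf.
 * A negative return (pre-C99 truncation, or an error) and a C99 count
 * that is >= size are both treated as failure. */
static int fmt_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int rc;

    if (buf == NULL || size == 0)
        return -1;          /* never make the 0/NULL sizing call */
    va_start(ap, fmt);
    rc = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (rc < 0 || (size_t)rc >= size) {
        buf[0] = '\0';      /* do not leave a truncated string behind */
        return -1;
    }
    return 0;
}

/* Hypothetical helper: grow and retry instead of asking snprintf for the
 * required size. Caller frees the result; NULL means failure. */
static char *fmt_alloc(const char *fmt, ...)
{
    size_t size = 16;
    char *buf = NULL, *tmp;
    va_list ap;
    int rc;

    while (size <= (1u << 20)) {    /* arbitrary cap for this example */
        if ((tmp = realloc(buf, size)) == NULL)
            break;
        buf = tmp;
        va_start(ap, fmt);
        rc = vsnprintf(buf, size, fmt, ap);
        va_end(ap);
        if (rc >= 0 && (size_t)rc < size)
            return buf;
        size *= 2;
    }
    free(buf);
    return NULL;
}
```

Both helpers give the same result whether a too-small buffer yields -1 or the would-be length, because either outcome is handled as "did not fit".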