"Secure coding" audit checkers and Kerberos
Ken Raeburn
raeburn at MIT.EDU
Wed Oct 15 16:55:36 EDT 2008
On Oct 15, 2008, at 16:49, John Hascall wrote:
>> On Wed, Oct 15, 2008 at 03:16:06PM -0500, John Hascall wrote:
>>>> asprintf(&buf, "%s%s%s", s1, s2, s3);
>>>> if (buf == NULL)
>>>>     return ENOMEM;
>>>> Love
>
>>> asprintf is a non-standard, and therefore
>>> sub-optimally portable, GNU extension --
>>> so you're still stuck writing something else
>>> (perhaps your own asprintf implementation,
>>> which is far more baggage than one needs
>>> to concat a few strings).
>
>> I disagree with the "far more baggage" characterization.
>> Particularly if the alternative is to use memcpy() instead of
>> strcpy().
>
> While I can certainly understand the visceral dislike of memcpy
> for string copies -- implementing every possible doohicky that
> can go in a (GNU extended) *printf format string is a whole lot
> of baggage.
If you have snprintf, you can build asprintf on top of it, without
reimplementing everything.
Ken
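
The approach Ken describes, as an added example (not code from this thread or from the Kerberos sources): vsnprintf is called once to measure the output and once to fill an exactly sized buffer. The names my_vasprintf and my_asprintf are hypothetical, and a C99-conforming vsnprintf is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names. Assumes a C99 vsnprintf, which returns the length
 * the complete output would have had even when the buffer is too small. */
int my_vasprintf(char **out, const char *fmt, va_list ap)
{
    va_list ap2;
    char *buf;
    int need, wrote;
    *out = NULL;                        /* defined result on every failure */
    va_copy(ap2, ap);                   /* sizing pass consumes a copy */
    need = vsnprintf(NULL, 0, fmt, ap2);
    va_end(ap2);
    if (need < 0)
        return -1;                      /* encoding error or length > INT_MAX */
    buf = malloc((size_t)need + 1);
    if (buf == NULL)
        return -1;
    wrote = vsnprintf(buf, (size_t)need + 1, fmt, ap);
    if (wrote < 0 || wrote > need) {    /* an argument changed between passes */
        free(buf);
        return -1;
    }
    *out = buf;
    return wrote;
}

int my_asprintf(char **out, const char *fmt, ...)
{
    va_list ap;
    int ret;
    va_start(ap, fmt);
    ret = my_vasprintf(out, fmt, ap);
    va_end(ap);
    return ret;
}

/* The three-string concatenation from the thread, checking the return value. */
int main(void)
{
    char *buf;
    if (my_asprintf(&buf, "%s%s%s", "krb", "5", ".conf") < 0)
        return 1;
    puts(buf);
    free(buf);
    return 0;
}
```

Callers test the return value rather than the pointer, because not every asprintf implementation defines the pointer's contents after a failure.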