"Secure coding" audit checkers and Kerberos
Nicolas Williams
Nicolas.Williams at sun.com
Wed Oct 15 16:54:26 EDT 2008
On Wed, Oct 15, 2008 at 03:49:05PM -0500, John Hascall wrote:
> > I disagree with the "far more baggage" characterization. Particularly
> > if the alternative is to use memcpy() instead of strcpy().
>
> While I can certainly understand the visceral dislike of memcpy
> for string copies -- implementing every possible doohickey that
> can go in a (GNU extended) *printf format string is a whole lot
> of baggage.
But you don't need to. You can implement asprintf() on top of even an
old snprintf() -- just realloc() if snprintf() > the allocated buffer.
Nico
--
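The approach described in the message above, as an added example that is not part of the original post or of the krb5 code base: an asprintf()-style wrapper that retries with realloc() until the output fits, under either return convention. The names `my_asprintf_with`, `my_vasprintf_with`, `vfmt_fn` and `old_vsnprintf` are hypothetical, `old_vsnprintf` is a constructed stand-in that assumes the "-1 on truncation" convention, and `va_copy` is assumed to be available.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names below are hypothetical; this is not the krb5 tree's code. */
typedef int (*vfmt_fn)(char *, size_t, const char *, va_list);

/* Constructed stand-in for an old vsnprintf(): -1 on truncation (assumed
 * convention) instead of the C99 "length that would have been written". */
static int old_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    int n = vsnprintf(buf, size, fmt, ap);
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

/* Format into a heap buffer, growing it until the output fits.
 * Returns the length and sets *out (caller frees), or -1 with *out == NULL. */
static int my_vasprintf_with(vfmt_fn vfmt, char **out, const char *fmt, va_list ap)
{
    size_t size = 16;   /* deliberately small so the realloc() path runs */
    char *buf = NULL, *tmp;

    *out = NULL;
    for (;;) {
        va_list ap2;
        int n;
        if ((tmp = realloc(buf, size)) == NULL) { free(buf); return -1; }
        buf = tmp;
        va_copy(ap2, ap);               /* ap must survive every retry */
        n = vfmt(buf, size, fmt, ap2);
        va_end(ap2);
        if (n >= 0 && (size_t)n < size) { *out = buf; return n; }
        if (n >= 0) size = (size_t)n + 1;       /* C99: exact size known */
        else if (size > INT_MAX / 2) { free(buf); return -1; } /* give up */
        else size *= 2;                         /* old: unknown, so double */
    }
}

static int my_asprintf_with(vfmt_fn vfmt, char **out, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = my_vasprintf_with(vfmt, out, fmt, ap);
    va_end(ap);
    return n;
}
```

Because the buffer is sized from the formatter's own result, the caller never has to guess a length, which is the property that makes this a replacement for strcpy() into fixed buffers.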