"Secure coding" audit checkers and Kerberos
Nicolas.Williams at sun.com
Wed Oct 15 16:54:26 EDT 2008
On Wed, Oct 15, 2008 at 03:49:05PM -0500, John Hascall wrote:
> > I disagree with the "far more baggage" characterization. Particularly
> > if the alternative is to use memcpy() instead of strcpy().
> While I can certainly understand the visceral dislike of memcpy
> for string copies -- implementing every possible doohicky that
> can go in a (GNU extended) *printf format string is a whole lot
> of baggage.
But you don't need to. You can implement asprintf() ontop of even an
old snprintf() -- just realloc() if snprintf() > the allocated buffer.
More information about the krbdev