"Secure coding" audit checkers and Kerberos

Tom Yu tlyu at MIT.EDU
Wed Oct 15 17:14:16 EDT 2008

John Hascall <john at iastate.edu> writes:

>> On Wed, Oct 15, 2008 at 03:49:05PM -0500, John Hascall wrote:
>> > > I disagree with the "far more baggage" characterization.  Particularly
>> > > if the alternative is to use memcpy() instead of strcpy().
>> > 
>> > While I can certainly understand the visceral dislike of memcpy
>> > for string copies -- implementing every possible doohicky that
>> > can go in a (GNU extended) *printf format string is a whole lot
>> > of baggage.
>> But you don't need to.  You can implement asprintf() ontop of even an
>> old snprintf() -- just realloc() if snprintf() > the allocated buffer.
>   1) snprintf is also non-standard

snprintf is in C99.  Is that good enough for "standard"?

>   2) there are some horrible snprintf's out there,
>      including ones which do little more than call sprintf!

What platforms are these on?  I think that we do not want to go to
extreme lengths working around vulnerabilities in OS C libraries.

More information about the krbdev mailing list