"Secure coding" audit checkers and Kerberos

Ken Raeburn raeburn at MIT.EDU
Wed Oct 15 17:26:06 EDT 2008

On Oct 15, 2008, at 17:05, John Hascall wrote: [quoting Nico]
>> But you don't need to.  You can implement asprintf() ontop of even an
>> old snprintf() -- just realloc() if snprintf() > the allocated  
>> buffer.


>  1) snprintf is also non-standard

It's in C99, SUSv2, and POSIX 2004.  Between those and the popular  
implementations we'd need/want to deal with, we've got somewhat loose  
specifications on the return value, but otherwise AFAIK they're pretty  

>  2) there are some horrible snprintf's out there,
>     including ones which do little more than call sprintf!

Time for a security advisory for that OS, then.

We could throw in a configure test -- snprintf to a short automatic  
buffer with a large amount of stuff to write -- and see if it trashes  
the stack and crashes the program.  If so, refuse to build.  A runtime  
test might be better if binaries get distributed, but wastes cycles  
for reasonable platforms.

We could, if need be, include an snprintf implementation for platforms  
that either omit or seriously botch it.  Enough modern systems have it  
that I wouldn't be too upset about a quick hack that isn't efficient  
on those platforms, like I suggested last night.  But initially at  
least I'd be inclined not to worry about it until we hear of specific  


More information about the krbdev mailing list