"Secure coding" audit checkers and Kerberos
john at iastate.edu
Wed Oct 15 17:29:55 EDT 2008
> On Wed, Oct 15, 2008 at 04:05:10PM -0500, John Hascall wrote:
> > 1) snprintf is also non-standard
> > 2) there are some horrible snprintf's out there,
> > including ones which do little more than call sprintf!
> The MIT-krb5-uses-snprintf() train departed long ago.
So be it, but it does seem a little odd to be worried about
a code-analysis tool false-flaging perfectly safe uses of
strcpy/strcat and suggesting that the fix is to use some
thing known to have a whole array of missing/bad/dangerous
More information about the krbdev