"Secure coding" audit checkers and Kerberos
Nicolas Williams
Nicolas.Williams at sun.com
Wed Oct 15 17:16:18 EDT 2008

On Wed, Oct 15, 2008 at 04:05:10PM -0500, John Hascall wrote:
> 1) snprintf is also non-standard
> 2) there are some horrible snprintf's out there,
> including ones which do little more than call sprintf!

The MIT-krb5-uses-snprintf() train departed long ago.

The Consortium might well decide to [continue to] provide portable
versions of these, or that MIT krb5 will not support platforms which do
not provide at least working snprintf(). I would support either
position.

I do object to avoiding *s*printf(). If ultimately that means that MIT
krb5 won't run on certain older systems, I really don't care. (And if
you think I'm biased, we still support Solaris 9, complete with the old
snprintf() semantics. There is, of course, a bias towards "vendors" or
"distros" in what I write above. I don't apologize for it, though I do
disclose it.)

Nico
--
More information about the krbdev
mailing list