"Secure coding" audit checkers and Kerberos
Tom Yu
tlyu at MIT.EDU
Wed Oct 15 22:55:40 EDT 2008
Nicolas Williams <Nicolas.Williams at sun.com> writes:
> On Wed, Oct 15, 2008 at 04:05:10PM -0500, John Hascall wrote:
>> 1) snprintf is also non-standard
>> 2) there are some horrible snprintf's out there,
>> including ones which do little more than call sprintf!
>
> The MIT-krb5-uses-snprintf() train departed long ago.
>
> The Consortium might well decide to [continue to] provide portable
> versions of these, or that MIT krb5 will not support platforms which do
> not provide at least working snprintf(). I would support either
> position.
>
> I do object to avoiding *s*printf(). If ultimately that means that MIT
Do you mean to say that you object to *not* avoiding sprintf, i.e.,
that you object to retaining any uses of sprintf?
More information about the krbdev
mailing list