security goals re strcpy/strcat/sprintf (Re: "Secure coding" audit checkers and Kerberos)
Nicolas.Williams at sun.com
Wed Oct 15 23:04:46 EDT 2008
On Wed, Oct 15, 2008 at 09:58:00PM -0500, Nicolas Williams wrote:
> On Wed, Oct 15, 2008 at 08:06:32PM -0400, Tom Yu wrote:
> > Known issues with the printf family on Solaris include some
> > "interesting" interpretations of the precision field for %s
> > specifiers, such as counting "column width" rather than bytes. This
> > can make dealing with gss_buffer_t and other such explicit-length
> > string-like data structures problematic, depending on the current
> > locale. Nico or other Sun folks, any thoughts on this?
> In other words, compile and link using the XPG4 or XPG6 options and
> you'll get the standard byte-counting, rather than column-counting
> I'm not sure what this means for _libraries_, however. I'm not sure
> whether libraries can have their own __xpg4 interposer that is local to
> their link map group. I'll inquire and let you know. Having this
> behavior selected by the application could certainly cause problems.
Sorry, I should have instantly known the answer. No, the library cannot
differently interpose on libc's view of the __xpg4 symbol. Therefore
the compilation/link options of the _application_ govern the
standards-compliance of *s*printf() with regard to string precision
(but not with regard to return value).
I'll file a bug about that too. That behavior strikes me as not a good
idea given library use of these functions.
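
An added example, not part of the original message or of the krb5 sources: since a library cannot control how the application's compile mode makes `%.*s` count its precision, one option is to copy explicit-length data by byte count and skip the `%s` conversion entirely. `struct lenbuf`, `append_bytes` and `format_labelled` are hypothetical names; `struct lenbuf` stands in for a `gss_buffer_desc` (a length plus a pointer, no NUL terminator).

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for gss_buffer_desc: explicit length, no NUL. */
struct lenbuf {
    size_t length;
    const void *value;
};

/*
 * Append exactly src_len bytes to the NUL-terminated string in dst.
 * Only bytes are counted, so the result does not depend on the locale
 * or on the standards mode the application was built with.
 * Returns 0 on success, -1 if the bytes do not fit (no truncation).
 */
static int append_bytes(char *dst, size_t dst_size,
                        const void *src, size_t src_len)
{
    const char *end;
    size_t used;

    if (dst == NULL || dst_size == 0 || (src == NULL && src_len != 0))
        return -1;
    end = memchr(dst, '\0', dst_size);
    if (end == NULL)                    /* dst is not terminated */
        return -1;
    used = (size_t)(end - dst);
    if (src_len > dst_size - used - 1)  /* keep room for the NUL */
        return -1;
    if (src_len != 0)
        memcpy(dst + used, src, src_len);
    dst[used + src_len] = '\0';
    return 0;
}

/* Build "<label>: <buffer bytes>" without using a %.*s conversion. */
static int format_labelled(char *out, size_t out_size,
                           const char *label, const struct lenbuf *b)
{
    if (out == NULL || out_size == 0 || label == NULL || b == NULL)
        return -1;
    out[0] = '\0';
    if (append_bytes(out, out_size, label, strlen(label)) != 0 ||
        append_bytes(out, out_size, ": ", 2) != 0 ||
        append_bytes(out, out_size, b->value, b->length) != 0) {
        out[0] = '\0';                  /* fail closed: no partial text */
        return -1;
    }
    return 0;
}
```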