security goals re strcpy/strcat/sprintf (Re: "Secure coding" audit checkers and Kerberos)

Nicolas Williams Nicolas.Williams at
Wed Oct 15 23:04:46 EDT 2008

On Wed, Oct 15, 2008 at 09:58:00PM -0500, Nicolas Williams wrote:
> On Wed, Oct 15, 2008 at 08:06:32PM -0400, Tom Yu wrote:
> > Known issues with the printf family on Solaris include some
> > "interesting" interpretations of the precision field for %s
> > specifiers, such as counting "column width" rather than bytes.  This
> > can make dealing with gss_buffer_t and other such explicit-length
> > string-like data structures problematic, depending on the current
> > locale.  Nico or other Sun folks, any thoughts on this?
> [...]
> In other words, compile and link using the XPG4 or XPG6 options and
> you'll get the standard byte-counting, rather than column-counting
> behavior.
> I'm not sure what this means for _libraries_, however.  I'm not sure
> whether libraries can have their own __xpg4 interposer that is local to
> their link map group.  I'll inquire and let you know.  Having this
> behavior selected by the application could certainly cause problems.

Sorry, I should have instantly known the answer.  No, the library cannot
differently interpose on libc's view of the __xpg4 symbol.  Therefore
the compilation/link options of the _application_ govern the
standards-compliance of *s*printf() with regards to string precision
(but not with regards to return value).

I'll file a bug about that too.  That behavor strikes me as not a good
idea given library use of these functions.


More information about the krbdev mailing list