"Secure coding" audit checkers and Kerberos

Nicolas Williams Nicolas.Williams at sun.com
Wed Oct 15 23:00:17 EDT 2008

On Wed, Oct 15, 2008 at 10:55:40PM -0400, Tom Yu wrote:
> Nicolas Williams <Nicolas.Williams at sun.com> writes:
> > On Wed, Oct 15, 2008 at 04:05:10PM -0500, John Hascall wrote:
> >>   1) snprintf is also non-standard
> >>   2) there are some horrible snprintf's out there,
> >>      including ones which do little more than call sprintf!
> >
> > The MIT-krb5-uses-snprintf() train departed long ago.
> >
> > The Consortium might well decide to [continue to] provide portable
> > versions of these, or that MIT krb5 will not support platforms which do
> > not provide at least working snprintf().  I would support either
> > position.
> >
> > I do object to avoiding *s*printf().  If ultimately that means that MIT
> Do you mean to say that you object to *not* avoiding sprintf, i.e.,
> that you object to retaining any uses of sprintf?

No, I meant what I wrote.  I object to *s*printf() avoidance.  I do
realize that that means checking for the correctness of a platform's
implementation, and it might mean avoiding precision specifiers for %s
(but I've not settled that yet; see my other reply).

More information about the krbdev mailing list