security goals re strcpy/strcat/sprintf (Re: "Secure coding" audit checkers and Kerberos)
Tom Yu
tlyu at MIT.EDU
Thu Oct 16 08:36:21 EDT 2008
Greg Hudson <ghudson at MIT.EDU> writes:
> On Wed, 2008-10-15 at 21:58 -0500, Nicolas Williams wrote:
>> You use a precision field for %s? Where?
>
> Not often. Precision fields:
>
> ./src/kadmin/ktutil/ktutil_funcs.c: sprintf(promptstr, "Password for %.1000s", princ_str);
> ./src/kadmin/cli/kadmin.c: sprintf(prompt1, "Enter password for principal \"%.900s\"",
> ./src/kadmin/cli/kadmin.c: "Re-enter password for principal \"%.900s\"",
> ./src/kadmin/cli/kadmin.c: sprintf(prompt1, "Enter password for principal \"%.900s\"",
> ./src/kadmin/cli/kadmin.c: "Re-enter password for principal \"%.900s\"",
>
> The precision field in those uses can probably be removed if the calls
> are switched to use snprintf.
>
> We use field widths with %s in 33 places, but it's all printf and
> fprintf, not sprintf. Mostly in plugins/kdb.
We use %.*s (precision specified in an integer argument) in over 100
places, many of them in the libraries. Some of these are debugging
code, but some are for things like producing enhanced error message
strings. Some of these uses are to compensate for strings in
krb5_data or gss_buffer_t, which are not required to have null
termination.
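An added example (not from this message or the Kerberos source) of the %.*s pattern described above, formatting a length-counted buffer that may lack NUL termination; the struct name counted_str and the function names are assumptions standing in for krb5_data, and the output is bounded with snprintf rather than sprintf:

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a length-counted buffer such as krb5_data (hypothetical name):
 * the bytes at `data` are NOT guaranteed to be NUL-terminated. */
struct counted_str {
    size_t length;
    const char *data;
};

/* Format "Password for <principal>" into out. The precision argument of %.*s
 * bounds how many bytes are READ from princ->data (so a missing NUL is safe),
 * and the snprintf size bounds how many are WRITTEN to out. Returns the
 * snprintf result: the length the full string would have had, or -1 on error.
 * Caveat: %.*s still stops at an embedded NUL, so it bounds the read but
 * cannot emit binary data. */
int format_prompt(char *out, size_t outlen, const struct counted_str *princ)
{
    if (princ->length > INT_MAX)      /* the precision argument must be an int */
        return -1;
    return snprintf(out, outlen, "Password for %.*s",
                    (int)princ->length, princ->data);
}

/* 1 if the prompt did not fit in outlen bytes and was cut short, 0 if it fit,
 * -1 on a formatting error. Check this instead of assuming the buffer fit. */
int prompt_was_truncated(char *out, size_t outlen, const struct counted_str *princ)
{
    int n = format_prompt(out, outlen, princ);
    if (n < 0)
        return -1;
    return (size_t)n >= outlen;
}

int main(void)
{
    /* Constructed input: 17 bytes of principal followed by junk and no NUL. */
    const char raw[] = { 'a','l','i','c','e','@','E','X','A','M','P','L','E',
                         '.','O','R','G','#','#' };
    struct counted_str princ = { 17, raw };
    char buf[64];

    int n = format_prompt(buf, sizeof buf, &princ);
    printf("%d \"%s\"\n", n, buf);   /* 30 "Password for alice@EXAMPLE.ORG" */
    return 0;
}
```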