[CF-Devel] sprintf bad, snprintf good
Bob Tanner
tanner at real-time.com
Fri May 25 13:40:17 CDT 2001
I was looking through the socket code for the metaserver routines and I see a
significant use of sprintf and strcpy. I hate these functions.
Being an ISP I fight a war with hackers almost daily. The 2 most used attacks
are buffer overflows and format string vulnerabilities.
sprintf and strcpy are 2 of the most exploited function calls.
Can I replace these with snprintf and strncpy?
Can I recommend that we use the 'n' string functions from this day forth?
--
Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700
http://www.mn-linux.org | Fax : (952)943-8500
Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9
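
The replacement proposed in the message above, as an added example that is not part of the original post and not taken from the Crossfire source. The helper names, the `host|players|comment` line layout and the sample values are assumptions made for illustration. It shows the two checks the 'n' functions still need: `snprintf` reports truncation only through its return value, and `strncpy` leaves the destination unterminated when the source does not fit.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (dstsz bytes), always NUL-terminated.
 * Returns 0 on success, -1 if src had to be truncated. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    /* strncpy does not write a terminator when src fills the buffer,
     * so copy at most dstsz - 1 bytes and terminate explicitly. */
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) >= dstsz ? -1 : 0;
}

/* Hypothetical helper: build a "host|players|comment\n" status line.
 * Returns the number of bytes written (excluding the terminator),
 * or -1 on truncation or output error. */
static int format_update(char *out, size_t outsz,
                         const char *host, int players, const char *comment)
{
    /* The format string is a constant. Untrusted text is only ever passed
     * as a %s argument, so specifiers inside it are copied, not interpreted. */
    int n = snprintf(out, outsz, "%s|%d|%s\n", host, players, comment);
    if (n < 0 || (size_t)n >= outsz)
        return -1;              /* caller must not send a clipped line */
    return n;
}

int main(void)
{
    char line[32], name[4];

    /* Constructed sample inputs. */
    printf("fits: %d\n", format_update(line, sizeof line, "example.test", 3, "hi"));
    printf("too long: %d\n",
           format_update(line, sizeof line, "example.test", 3,
                         "a comment that cannot fit in the buffer"));
    printf("specifiers kept literal: %d -> %s",
           format_update(line, sizeof line, "h", 1, "%x%n"), line);
    printf("copy truncated: %d -> \"%s\"\n",
           copy_bounded(name, sizeof name, "abcdef"), name);
    return 0;
}
```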