[CF-Devel] sprintf bad, snprintf good

Mark Wedel mwedel at scruznet.com
Fri May 25 19:25:35 CDT 2001


On Fri, 25 May 2001, Bob Tanner wrote:

> I was looking through the socket code for the metaserver routines and I see a
> significant use of sprintf and strcpy. I hate these functions.
>
> Being an ISP I fight a war with hackers almost daily. The 2 most used attacks
> are buffer overflows and format string vulnerabilities.
>
> sprintf and strcpy are 2 of the most exploited function calls.
>
> Can I replace these with snprintf and strncpy?
>
> Can I recommend that we use the 'n' string functions from this day forth?
     
Certainly strncpy is probably always a good idea.  But of course, there
are times you know it is safe (when copying static data into the string
buffer).

Using snprintf is probably not a bad idea.  But how common is snprintf?
I remember that at least as of a few years ago, there was a non-trivial
number of systems that lacked that.  This may be fixable by including
a proper version of snprintf in porting.c (a trivial version of course
is to just call sprintf without the length for systems that don't have it.)

But probably the biggest issue of string overflows will still be
strcat and appending to strings - unless you know how long the string is
that is being appended, those get harder to fix.  And I worry a little about
putting strlen in all over the place to really make sure we don't do anything
bad - performance on that may be a bit of an issue.
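
An added example, not part of the original message or the Crossfire source: one way to append to a fixed buffer without calling strlen on every append is to carry the used length alongside the buffer and let vsnprintf report truncation. The `strbuf` type, the `sb_*` names and the sample values are hypothetical, and C99 vsnprintf return semantics are assumed (older libraries that return -1 on truncation are also treated as failure).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from Crossfire): a fixed buffer plus the number
 * of bytes already used, so appends never have to call strlen(). */
typedef struct {
    char  *buf;
    size_t cap;   /* total size of buf, including the terminating NUL */
    size_t len;   /* bytes currently used, excluding the NUL */
} strbuf;

static void sb_init(strbuf *sb, char *storage, size_t cap) {
    sb->buf = storage;
    sb->cap = cap;
    sb->len = 0;
    if (cap > 0) storage[0] = '\0';
}

/* Append formatted text. Returns 0 on success, -1 if the text did not fit
 * or formatting failed. On failure the previous contents are restored, so
 * the caller never ends up with a half-written field. */
static int sb_appendf(strbuf *sb, const char *fmt, ...) {
    va_list ap;
    int n;
    size_t room;
    if (sb->cap == 0 || sb->len >= sb->cap) return -1;
    room = sb->cap - sb->len;            /* includes space for the NUL */
    va_start(ap, fmt);
    n = vsnprintf(sb->buf + sb->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {    /* error or truncated output */
        sb->buf[sb->len] = '\0';         /* roll back the partial write */
        return -1;
    }
    sb->len += (size_t)n;                /* O(1) bookkeeping, no strlen */
    return 0;
}

int main(void) {
    char line[16];                       /* constructed sample sizes/values */
    strbuf sb;
    sb_init(&sb, line, sizeof line);
    if (sb_appendf(&sb, "%s", "host") != 0) return 1;
    if (sb_appendf(&sb, ":%d", 13327) != 0) return 1;
    if (sb_appendf(&sb, "%s", "-too-long-name") != 0)
        fprintf(stderr, "field did not fit, dropped\n");
    printf("%s (%lu bytes)\n", line, (unsigned long)sb.len);
    return 0;
}
```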



    
    

