On Fri, 25 May 2001, Bob Tanner wrote:

> I was looking through the socket code for the metaserver routines and I see a
> significant use of sprintf and strcpy. I hate these functions.
>
> Being an ISP I fight a war with hackers almost daily. The 2 most used attacks
> are buffer overflows and format string vulnerabilities.
>
> sprintf and strcpy are 2 of the most exploited function calls.
>
> Can I replace these with snprintf and strncpy?
>
> Can I recommend that we use the 'n' string functions from this day forth?

Certainly strncpy is probably always a good idea. But of course, there are times you know it is safe (when copying static data into the string buffer).

Using snprintf is probably not a bad idea. But how common is snprintf? I remember that at least as of a few years ago, there was a non-trivial number of systems that lacked that. This may be fixable by including a proper version of snprintf in porting.c (a trivial version of course is to just call sprintf without the length for systems that don't have it.)

But probably the biggest issue of string overflows will still be strcat and appending to strings - unless you know how long the string is that is being appended, those get harder to fix. And I worry a little about putting strlen in all over the place to really make sure we don't do anything bad - performance on that may be a bit of an issue.
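
An added example, not part of the original message and not code from the project: one way to handle the strcat and strlen concern raised above is to keep the buffer's current length next to it, so each append is bounded and never rescans the destination. The names `strbuf`, `sb_init`, `sb_append` and `sb_appendf` are hypothetical, and the code assumes a `vsnprintf` is available (C99 or a porting-layer replacement).

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: a fixed-size buffer that remembers how much of it
 * is used, so appends are bounded and never call strlen() on it. */
struct strbuf {
    char  *buf;       /* caller-supplied storage */
    size_t cap;       /* total size of buf, including the NUL */
    size_t len;       /* bytes in use, excluding the NUL */
    int    truncated; /* set once any append did not fit */
};

void sb_init(struct strbuf *sb, char *storage, size_t cap)
{
    sb->buf = storage;
    sb->cap = cap;
    sb->len = 0;
    sb->truncated = 0;
    if (cap > 0) storage[0] = '\0';
}

/* Bounded stand-in for strcat(): copies at most the space that is left. */
void sb_append(struct strbuf *sb, const char *src)
{
    size_t room, n;
    if (sb->cap == 0) { sb->truncated = 1; return; }
    room = sb->cap - 1 - sb->len;
    n = strlen(src);              /* scans only the new piece */
    if (n > room) { n = room; sb->truncated = 1; }
    memcpy(sb->buf + sb->len, src, n);
    sb->len += n;
    sb->buf[sb->len] = '\0';      /* always terminated, unlike strncpy */
}

/* Bounded stand-in for sprintf() onto the end of the buffer. */
void sb_appendf(struct strbuf *sb, const char *fmt, ...)
{
    va_list ap;
    size_t room;
    int n;
    if (sb->cap == 0) { sb->truncated = 1; return; }
    room = sb->cap - sb->len;     /* >= 1: includes the NUL slot */
    va_start(ap, fmt);
    n = vsnprintf(sb->buf + sb->len, room, fmt, ap);
    va_end(ap);
    /* Pre-C99 libraries return -1 on overflow: drop the partial output. */
    if (n < 0) { sb->buf[sb->len] = '\0'; sb->truncated = 1; return; }
    if ((size_t)n >= room) { sb->len = sb->cap - 1; sb->truncated = 1; }
    else sb->len += (size_t)n;
}
```

Callers check `truncated` once after building the whole string instead of validating lengths before every append.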