| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200406241938.i5OJcRV5031778@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Evidence of a ISC being hacked? On Thu, 24 Jun 2004 11:22:18 PDT, VX Dude said: > Good point, personally I wouldn't think that making a > small wrapper would take that long, but then again I > havent done it, and I havent done it under stress and > a time crunch. I code for fun and not profit which is > pretty stress free. Writing a small wrapper doesn't do anything any better than just using a #define - the *basic* problem is that there's no way for any wrapper or preprocessor magic to know the "right" answer to the most crucial difference - vsnprintf takes a 'length' parameter, and you have 2 basic choices: 1) The wrapper/define/handwaving discards it and prays. 2) The replacement function does a proper job of doing a full enough emulation of vsnprintf to keep track of "length so far" and stop when it gets full (not as easy as you might think - for fun, compute how many bytes this takes: vsprintf(target,"%#'LG",foo); (Note the evilness involved in the ' flag, which is locale-dependent ;) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040624/042ccd07/attachment.bin
Powered by blists - more mailing lists