On Thu, May 09, 2002 at 08:33:41PM -0500, Alexandre Julliard wrote:
Log message: Steven Edwards Steven_Ed4153@yahoo.com Detect snprintf && _snprintf, use _snprintf on stupid platforms (windows).
I'm afraid that this is the wrong solution to this problem: People using sNprintf do this sometimes for security reasons. Just ignoring the length is very likely to cause some problems with applications that would have been otherwise secure (I'm thinking of chatclients etc). snprintf should either be implemented or the application simply should not work, but making a secure app insecure is not the way to go.
ciao Jörg
-- Joerg Mayer jmayer@loplof.de I found out that "pro" means "instead of" (as in proconsul). Now I know what proactive means.
I'm afraid that this is the wrong solution to this problem: People using sNprintf do this sometimes for security reasons. Just ignoring the length is very likely to cause some problems with applications that would have been otherwise secure (I'm thinking of chatclients etc). snprintf should either be implemented or the application simply should not work, but making a secure app insecure is not the way to go.
I thought they were the same save this :
The _snprintf vs. snprintf alternative seems to be caused by conflicting standards: AFAIK Ansi/ISO C requires all non-standard functions added by the compiler to start with "_" , whereas POSIX requires all its standard functions not to start with "_".
__________________________________________________ Do You Yahoo!? Yahoo! Shopping - Mother's Day is May 12th! http://shopping.yahoo.com
On Fri, May 10, 2002 at 07:18:41AM -0700, Steven Edwards wrote:
I thought they were the same save this :
The _snprintf vs. snprintf alternative seems to be caused by conflicting standards: AFAIK Ansi/ISO C requires all non-standard functions added by the compiler to start with "_" , whereas POSIX requires all its standard functions not to start with "_".
You are right. I misread what the patch does. Sorry.
ciao Jörg
-- Joerg Mayer jmayer@loplof.de I found out that "pro" means "instead of" (as in proconsul). Now I know what proactive means.
-
Joerg Mayer -
Steven Edwards