git.vger.kernel.org archive mirror
From: Morten Welinder <mwelinder@gmail.com>
To: "Randal L. Schwartz" <merlyn@stonehenge.com>
Cc: git@vger.kernel.org
Subject: Re: sprintf security holes?
Date: Fri, 16 Sep 2005 12:11:16 -0400
Message-ID: <118833cc05091609111fd4d2d8@mail.gmail.com>
In-Reply-To: <86zmqd5aey.fsf@blue.stonehenge.com>

> Since sprintf() can lead to buffer overflows from unprotected user
> data, and you want to use git in server situations, wouldn't it be
> prudent to eliminate those in some near-ish timeframe?

I assume you mean make them into snprintf calls.

I don't think that really buys you anything, i.e., there would still be far
too many places where character pointers are dereferenced and
assigned to.  You would probably have to create a small (and thus
auditable) generic strings library and do all string creation within
that.  That is certainly feasible, but evidently not Linus style.

There really is nothing wrong with sprintf that couldn't be said to be
wrong with snprintf, strcpy, strncpy, *p++ = 0, etc.  If you don't have
the right amount of memory allocated, you lose.  (Yes, that goes for
the "n" versions too, although in many cases you could syntactically
check that a "sizeof" was used.  Then you just get to worry whether
random truncation introduced other security problems.)

Morten
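
The truncation concern raised in the message above, as an added example that is not part of the original email or of git's code: a plain snprintf stays in bounds but yields a path naming a different file, while a small checked wrapper refuses instead. The helper name `fmt_checked`, the 16-byte buffer and the paths are constructed assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not git's code): format into dst[cap] and treat
 * truncation as an error instead of returning a silently shortened string. */
static int fmt_checked(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) {  /* output error, or would not fit */
        dst[0] = '\0';                /* never hand back a partial string */
        return -1;
    }
    return n;                         /* length written, excluding the NUL */
}

/* Builds "<dir>/<name>.lock". Returns snprintf's would-be length; a caller
 * that ignores it cannot tell that dst was cut short. */
static int build_lock_snprintf(char *dst, size_t cap, const char *dir, const char *name)
{
    return snprintf(dst, cap, "%s/%s.lock", dir, name);
}

static int build_lock_checked(char *dst, size_t cap, const char *dir, const char *name)
{
    return fmt_checked(dst, cap, "%s/%s.lock", dir, name) < 0 ? -1 : 0;
}

int main(void)
{
    char a[16], b[16];  /* constructed: too small for the 20-byte path */

    build_lock_snprintf(a, sizeof a, "/srv/git", "config");
    printf("snprintf, result ignored: \"%s\"\n", a);  /* ".lock" is gone */
    if (build_lock_checked(b, sizeof b, "/srv/git", "config") < 0)
        printf("checked: refused, path would be truncated\n");
    return 0;
}
```

No memory is overwritten in the snprintf case, yet the truncated string is the path of the file the lock was meant to protect.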


Thread overview: 5+ messages
2005-09-16 14:56 sprintf security holes? Randal L. Schwartz
2005-09-16 16:11 ` Morten Welinder [this message]
2005-09-16 21:36 ` [Was Re: sprintf security holes?] Building on OpenBSD Peter Eriksen
2005-09-19  7:42 ` sprintf security holes? Junio C Hamano
2005-09-19 12:42   ` Sven Verdoolaege
