[Mailman-Users] rc3 compile failure under OSF4

Trevor Johnson trevor at jpj.net
Wed Jul 14 16:34:39 CEST 1999

> ld:
> Unresolved:
> vsnprintf

OSF/1 doesn't have that function.  However, someone wrote a substitute.
I've appended his message, which I found at the URL:

06-29&msg=199806281748.NAA01264 at alcor.concordia.ca
Trevor Johnson

To: BugTraq
Subject: Re: patch for qpopper remote exploit bug
Date: Sun Jun 28 1998 13:48:54
Author: Steven Winikoff
Message-ID: <199806281748.NAA01264 at alcor.concordia.ca>

I apologize for not replying directly to Bugtraq for the sake of proper
threading, but I'm not actually subscribed, so I saw your message on
the archive at http://geek-girl.com/bugtraq/.

Anyhow, you said:

>Digital Unix 3.2G does not seem to have either vsnprintf or snprintf.

Neither does 4.0B.

>However, qpopper under Digital Unix 3.2G does not seem to show the
>vulnerability as discussed on this list even though it contains the
>vulnerable code.

I'm glad to hear that. :-)  Nevertheless I installed a patched version
of qpop-2.4 last night on our DEC Unix 4.0B POP server.

I used the following hacked vsnprintf() interface, which I wrote myself
after giving up on finding source elsewhere (e.g., the NetBSD version,
which is totally incompatible with the definition of (struct FILE) on
DEC Unix).

This version follows the semantics for vsnprintf() as found in
NetBSD/386 1.2:

8<----------------------------   cut here   -------------------------->8
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 *   vsnprintf() -- hacked interface, because DEC OSF/1 doesn't
 *                  have the real thing...
 *
 *   Steven Winikoff
 *   1998/06/27
 *
 *   This code is rather feeble-minded; all it does is truncate the
 *   given string temporarily, call vsprintf() to "print" it, and
 *   then restore the original string.
 *
 *   We return whatever we got from vsprintf().
 */

int vsnprintf(char *str, size_t n, const char *fmt, va_list ap)
{
   int  result;
   char c;

   /**  do we even need to bother?  **/

   if (strlen(str) < n) return(vsprintf(str, fmt, ap));

   /**  okay, truncate, call vsprintf(), and restore:  **/

   c        = str[n-1];
   str[n-1] = '\0';                   /* take that! :-)         */
   result   = vsprintf(str, fmt, ap); /* do the write thing :-) */
   str[n-1] = c;                      /* all better now :-)     */

   return(result);
}

8<----------------------------   cut here   -------------------------->8

I don't know if this is helpful at all, but I figured I should pass it
on anyway just in case.

     - Steven
Steven Winikoff                | "One of the main causes of the fall of
Concordia University           |  the Roman Empire was that, lacking
Montreal, QC, Canada           |  zero, they had no way to indicate
smw at alcor.concordia.ca         |  successful termination of their C
http://alcor.concordia.ca/~smw |  programs."              - Robert Firth
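
An added example, not code from either message or from Mailman or qpopper: the wrapper above still hands the formatting to vsprintf(), which takes no length limit, so n does not cap what is written to str. One way to get a real bound with only C89 calls is to format into a tmpfile() scratch file and copy back at most n-1 bytes. The names bounded_vsnprintf(), bounded_snprintf() and guard_intact_after_truncation() are hypothetical, and returning the full formatted length is an assumed convention.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded_vsnprintf(): formats into a tmpfile() scratch file with
 * vfprintf(), then copies back at most n-1 bytes. C89 calls only. Returns the
 * full formatted length (C99 convention, an assumption), or -1 on error. */
int bounded_vsnprintf(char *str, size_t n, const char *fmt, va_list ap)
{
    FILE  *tmp = tmpfile();          /* removed automatically on close */
    size_t want, got = 0;
    int    len;

    if (tmp == NULL) return -1;
    len = vfprintf(tmp, fmt, ap);    /* output goes to the file, never to str */
    if (len >= 0 && n > 0) {
        want = ((size_t)len < n - 1) ? (size_t)len : n - 1;
        rewind(tmp);
        if (want > 0) got = fread(str, 1, want, tmp);
        str[got] = '\0';             /* terminator always lands inside n bytes */
    }
    fclose(tmp);
    return len < 0 ? -1 : len;
}

/* Variadic wrapper so the function can be called directly. */
int bounded_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int     len;

    va_start(ap, fmt);
    len = bounded_vsnprintf(str, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Constructed check: 11 characters into an 8-byte window of a 16-byte
 * buffer; returns 1 if the output is cut and bytes past the window survive. */
int guard_intact_after_truncation(void)
{
    char buf[16];

    memset(buf, 'X', sizeof buf);
    bounded_snprintf(buf, 8, "%s", "hello world");
    return strcmp(buf, "hello w") == 0 && buf[8] == 'X' && buf[15] == 'X';
}

int main(void) { return guard_intact_after_truncation() ? 0 : 1; }
```

A return value greater than or equal to n tells the caller the output was truncated, which is the condition to log or reject rather than silently accept.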

