[Python-Dev] strncpy

Greg Stein gstein@lyra.org
Thu, 13 Jul 2000 01:54:25 -0700

On Thu, Jul 13, 2000 at 01:07:30AM -0500, Paul Prescod wrote:
> > Easy but tedious to
> > fix (e.g., #define the buf length, and use runtime code in 
> > conjunction with strncpy to guarantee buf's bounds are respected). 
> Let me suggest two non-tedious solutions so you can shoot them down:
>
> 1.
> sprintf(buf, "Local variable referenced "
> 		"before assignment: %.128s",
> 		namestr);
> Rationale: if you don't know what variable I'm talking about after 128
> characters, you've got bigger problems than I can help with. I see this
> solution elsewhere in the code.
>
> 2.
> Add an implementation of snprintf to our code and fix the other hundred
> or so sprintf occurrences to use it. Most of them are safe but it
> couldn't hurt to pass cleanly through those heuristic security checkers.
> Here's one:
> http://www.ijs.si/software/snprintf/
> And there is one in Apache.

Actually, I looked into this a few months ago. There isn't a need to bulk up
Python with a complete snprintf() solution. We really only use a couple
format codes for generating error strings. Please see my note at:



Greg Stein, http://www.lyra.org/
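
Added example, not part of the original message or of Python's source: the two options from the quoted mail side by side in C. It assumes a C99 `snprintf` is available; the macro and function names are hypothetical, and the oversized name is constructed input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names, chosen for this example only. */
#define NAME_MAX_SHOWN 128
#define MSG_PREFIX "Local variable referenced before assignment: "
/* Worst case: prefix + at most NAME_MAX_SHOWN name bytes + NUL. */
#define MSG_BUF_LEN (sizeof(MSG_PREFIX) - 1 + NAME_MAX_SHOWN + 1)

/* Option 1: the precision on %s caps how many bytes of namestr sprintf
 * copies, so a buffer of MSG_BUF_LEN cannot overflow. Passing the cap
 * via %.*s keeps the format and the buffer size tied to one constant. */
int format_with_precision(char buf[MSG_BUF_LEN], const char *namestr)
{
    return sprintf(buf, MSG_PREFIX "%.*s", NAME_MAX_SHOWN, namestr);
}

/* Option 2: snprintf bounds the whole output by the destination size.
 * Returns 1 if the message was truncated, 0 if it fit, -1 on error. */
int format_with_snprintf(char *buf, size_t buflen, const char *namestr)
{
    int n = snprintf(buf, buflen, MSG_PREFIX "%s", namestr);
    if (n < 0)
        return -1;
    return (size_t)n >= buflen;
}

int main(void)
{
    char longname[1000];   /* constructed oversized identifier */
    char buf[MSG_BUF_LEN];
    char small[32];

    memset(longname, 'x', sizeof(longname) - 1);
    longname[sizeof(longname) - 1] = '\0';

    printf("precision: %d bytes written into %lu\n",
           format_with_precision(buf, longname),
           (unsigned long)sizeof(buf));
    printf("snprintf truncated: %d\n",
           format_with_snprintf(small, sizeof(small), longname));
    return 0;
}
```

The precision approach is only safe while the buffer size is derived from the same constant as the format; `snprintf` stays bounded even if the format string later changes.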