[Python-Dev] strncpy

M.-A. Lemburg mal@lemburg.com
Thu, 13 Jul 2000 12:37:21 +0200

"Barry A. Warsaw" wrote:
> >>>>> "PP" == Paul Prescod <paul@prescod.net> writes:
>     PP> Add an implementation of snprintf to our code and fix the
>     PP> other hundred or so sprintf occurrences to use it. Most of
>     PP> them are safe but it couldn't hurt to pass cleanly through
>     PP> those heuristic security checkers
>     PP> Here's one:
>     PP> http://www.ijs.si/software/snprintf/
>     PP> And there is one in Apache.
> And one in Mailman, ripped from GNU screen.  Because it's GPL'd it's
> not appropriate for Python, but could serve as another source of
> inspiration.  So far, of the platforms people try to run Mailman on,
> I've only found it necessary for Solaris 2.5.

Isn't there one in FreeBSD which we could use (Python's license
being very BSDish, this should be possible, I guess).

Anyway, I think most platforms have their own snprintf() in
the C lib, so the code would hardly ever be needed -- perhaps
its even safe to revert to sprintf() on those platforms via
a macro snprintf(). 

The reasoning here is simple: if the platform
doesn't provide it, it's quite possibly unsafe in a network
environment anyway, because many programs will use sprintf()
instead of snprintf() and thus won't do much buffer overflow

Marc-Andre Lemburg
Business:                                      http://www.lemburg.com/
Python Pages:                           http://www.lemburg.com/python/