diff -urN linux-2.6.11-rc5/lib/vsprintf.c linux/lib/vsprintf.c
--- linux-2.6.11-rc5/lib/vsprintf.c 2004-08-24 08:43:15.000000000 -0400
+++ linux/lib/vsprintf.c 2005-02-24 17:59:28.000000000 -0500
@@ -580,7 +580,7 @@
*/
int vsprintf(char *buf, const char *fmt, va_list args)
{
- return vsnprintf(buf, (~0U)>>1, fmt, args);
+ return vsnprintf(buf, INT_MAX, fmt, args);
}
EXPORT_SYMBOL(vsprintf);
@@ -601,7 +601,7 @@
int i;
va_start(args, fmt);
- i=vsprintf(buf,fmt,args);
+ i=vsnprintf(buf, INT_MAX, fmt, args);
va_end(args);
return i;
}
Brian Gerst <[email protected]> said:
> - Make sprintf call vsnprintf directly
> - use INT_MAX for sprintf and vsprintf
This is the size limit on what is written. 4GiB sounds a bit extreme...
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
Horst von Brand wrote:
> Brian Gerst <[email protected]> said:
>
>>- Make sprintf call vsnprintf directly
>>- use INT_MAX for sprintf and vsprintf
>
>
> This is the size limit on what is written. 4GiB sounds a bit extreme...
Sprintf has no limit, which is why it's generally bad to use it. I just
replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.
--
Brian Gerst
On Fri, 2005-02-25 at 07:28 -0500, Brian Gerst wrote:
> Horst von Brand wrote:
> > Brian Gerst <[email protected]> said:
> >
> >>- Make sprintf call vsnprintf directly
> >>- use INT_MAX for sprintf and vsprintf
> >
> >
> > This is the size limit on what is written. 4GiB sounds a bit extreme...
>
> Sprintf has no limit, which is why it's generally bad to use it. I just
> replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.
I can see the point of using PAGE_SIZE instead; and if someone really
wants more than that, he/she should use snprintf with a specified
size....
Brian Gerst <[email protected]> said:
> Horst von Brand wrote:
> > Brian Gerst <[email protected]> said:
> >
> >>- Make sprintf call vsnprintf directly
> >>- use INT_MAX for sprintf and vsprintf
> > This is the size limit on what is written. 4GiB sounds a bit extreme...
> Sprintf has no limit, which is why it's generally bad to use it. I just
> replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.
Which is the same as "no limit" in my book. Either you know a limit (in
which case vsprintf() is OK) or you don't (in which case vsnprintf() is
just obfuscation).
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
On Fri, 25 Feb 2005, Horst von Brand wrote:
> Brian Gerst <[email protected]> said:
> > Horst von Brand wrote:
> > > Brian Gerst <[email protected]> said:
> > >
> > >>- Make sprintf call vsnprintf directly
> > >>- use INT_MAX for sprintf and vsprintf
>
> > > This is the size limit on what is written. 4GiB sounds a bit extreme...
>
> > Sprintf has no limit, which is why it's generally bad to use it. I just
> > replaced an open coded ((~0U)>>1) value with the equivalent INT_MAX.
>
> Which is the same as "no limit" in my book. Either you know a limit (in
> which case vsprintf() is OK) or you don't (in which case vsnprintf() is
> just obfuscation).
Indeed. So the only place that is allowed to pass the `no limit' value to
snprintf() is in the sprintf() wrapper that calls snprintf().
Calls to sprintf() must not be converted to snprintf(..., `no limit', ...), so
it's easier to find them when doing buffer overflow audits.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- [email protected]
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds