> I have the same sort of beef with strncpy - if you overflow a strncpy, it
> won't null terminate, and snprintf will do the same thing. You may no

Whose snprintf doesn't null terminate? The OpenBSD man page reads:

    Snprintf(), vsnprintf(), asnprintf() and vasnprintf() will write at most
    size-1 of the characters printed into the output string (the size'th
    character then gets the terminating `\0'); if the return value is greater

I otherwise agree that passing possible garbage on to other functions
is not a recommended way to write secure programs.

// marc
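Added example, not part of the original message: a small C program that contrasts the two behaviours discussed above, showing whether strncpy and snprintf leave a terminating '\0' when the source is longer than the destination, and how the snprintf return value flags truncation. It assumes a C99-conforming snprintf; the helper names, the CAP scratch size and the input strings are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define CAP 64  /* scratch buffer size for this demo (assumption) */

/* 1 if the first `size` bytes of buf contain a '\0', else 0. */
static int has_nul(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* strncpy into a 0xAA-poisoned buffer; report whether it got terminated. */
static int strncpy_terminates(const char *src, size_t size)
{
    char dst[CAP];
    if (size == 0 || size > CAP) return -1;
    memset(dst, 0xAA, sizeof dst);   /* poison so a missing '\0' is visible */
    strncpy(dst, src, size);         /* no terminator if strlen(src) >= size */
    return has_nul(dst, size);
}

/* Same check for snprintf, which writes at most size-1 chars plus '\0'. */
static int snprintf_terminates(const char *src, size_t size)
{
    char dst[CAP];
    if (size == 0 || size > CAP) return -1;
    memset(dst, 0xAA, sizeof dst);
    snprintf(dst, size, "%s", src);
    return has_nul(dst, size);
}

/* 1 if the output was cut short: C99 returns the length it wanted to write. */
static int snprintf_truncated(const char *src, size_t size)
{
    char dst[CAP];
    int n;
    if (size == 0 || size > CAP) return -1;
    n = snprintf(dst, size, "%s", src);
    return n < 0 ? -1 : (size_t)n >= size;
}

int main(void)
{
    const char *in = "0123456789";   /* constructed input, 10 characters */
    printf("strncpy  terminated: %d\n", strncpy_terminates(in, 8));
    printf("snprintf terminated: %d\n", snprintf_terminates(in, 8));
    printf("snprintf truncated:  %d\n", snprintf_truncated(in, 8));
    return 0;
}
```

Checking the truncation result before handing the buffer to another function is what keeps a silently shortened string from being treated as the full input.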
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:09 PDT