Re: [PATCH] banning "unsafe" functions
Date: Wed, 06 Mar 2013 18:51:55 +0100
On 06-03-13 13:34, Daniel Stenberg wrote:
> As a result of the last security vulnerability we had, I'm adding new
> code to checksrc that will alert us on uses of (v)sprintf, strcat and
> gets in the code base.
> This is meant to be an additional tool to help us detect unsafe code
> easier, since all those functions are too easily use without careful
> considerations of all possible side-effects.
> I also had to clean up some code so that this wouldn't immediately start
> complaining! =)
> Comments or improvements?
You've used aprintf(). I personally love aprintf(), but OSX 10.6 and a
lot of older systems are not equipped with such beautiful feature.
Probably not even POSIX.
To do the same I recommend
count = snprintf(NULL, 0, "myformat");
buf = malloc(count);
snprintf(buf, count, "myformat");
Or solve it with macro-foo to introduce the equivalence of aprintf()
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature