You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1997/01/04 17:12:24 UTC

Re: summary of security issues

I prefer the idea of snprintf(), BUT, I envision a nightmare of bug
reports as we learn what systems lack it....


> Marc Slemko wrote:
> > 
> > On Sat, 4 Jan 1997, Dean Gaudet wrote:
> > 
> > > I wonder if we could "point" to an snprintf implementation, like the glibc
> > > one, maybe tweaked a bit.  So if it fails say ... you can #define it to
> > > sprintf or you can get this snprintf that is covered by the gnu library
> > > license.
> > 
> > I am not inclined to think overly highly of glibc.  In any case, it could
> > take some work to yank the snprintf out of glibc, because we really can't
> > expect people to use the whole glibc.  I'm not sure that a #define will
> > work, it may need to be an actual subroutine.
> > 
> 
> Seems to me that the snprintf() implementation in sendmail would be
> good for Apache... It doesn't support floating point, yet, but
> it's pretty portable. We could add that to util.c for those OSs
> that lack the real one.
> 
> PS: I have a "standalone" version of it available, ready to use.
> -- 
> ====================================================================
>       Jim Jagielski            |       jaguNET Access Services
>      jim@jaguNET.com           |       http://www.jaguNET.com/
>                   "Not the Craw... the CRAW!"