sprintf [message #306471]
Sat, 29 December 2007 11:07
cnc95fan
Hi, there's no real way as to how to find out (as a newb) how the sprintf function works. If anyone here wouldn't mind explaining, I'd like to know for a custom script I'm trying to make.
Thanks in advance.
Re: sprintf [message #306529 is a reply to message #306471]
Sat, 29 December 2007 17:49
=HT=T-Bird
NEVER NEVER NEVER pass any string that is created from user input to printf() and friends as a format string, otherwise you'd have a security hole on your hands
HTT-Bird (IRC)
HTTBird (WOL)
Proud HazTeam Lieutenant.
BlackIntel Coder & Moderator.
If you have trouble running BIATCH on your FDS, have some questions about a BIATCH message or log entry, or think that BIATCH spit out a false positive, PLEASE contact the BlackIntel coding team and avoid wasting the time of others.
Re: sprintf [message #306533 is a reply to message #306529]
Sat, 29 December 2007 18:41
jnz
=HT=T-Bird wrote on Sun, 30 December 2007 00:49:
"NEVER NEVER NEVER pass any string that is created from user input to printf() and friends as a format string, otherwise you'd have a security hole on your hands"
You'd never do that anyway, asking the user to input a format string is too much these days.
Re: sprintf [message #306630 is a reply to message #306627]
Sun, 30 December 2007 06:34
=HT=T-Bird
Sir Kane wrote on Sun, 30 December 2007 06:36:
"And you might want to use _snprintf instead."
Good idea SK, we don't want anyone overflowing any buffers either
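The two points raised in this thread (keep user input out of the format string, and bound the write) shown together in an added example that is not code from any of the posters. It assumes standard C99 snprintf, which always null-terminates, rather than MSVC's _snprintf, which does not terminate the buffer on truncation; format_welcome and the sample inputs are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: writes "Welcome, <name>!" into dst (capacity cap).
 * Returns 0 on success, -1 if the text did not fit or formatting failed.
 * On failure dst is left as an empty string so a partial result is never used. */
int format_welcome(char *dst, size_t cap, const char *name)
{
    if (dst == NULL || cap == 0 || name == NULL)
        return -1;

    /* The format string is a literal. The user-supplied text is only ever
     * passed as an argument to %s, so any '%' in it is copied, not interpreted.
     * The pattern to avoid is snprintf(dst, cap, name). */
    int n = snprintf(dst, cap, "Welcome, %s!", name);

    /* C99 snprintf returns the length it wanted to write (excluding the NUL).
     * A value >= cap means the output was truncated. */
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[32];

    /* Constructed input containing conversion specifiers: printed literally. */
    if (format_welcome(buf, sizeof buf, "%x %x %n") == 0)
        printf("%s\n", buf);

    /* Constructed input that is too long for the buffer: rejected. */
    if (format_welcome(buf, sizeof buf, "a-name-far-too-long-for-this-buffer") != 0)
        printf("name rejected: would not fit in %zu bytes\n", sizeof buf);

    return 0;
}
```
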