Need Help from a C expert
Kevin Kofler
kevin.kofler at chello.at
Tue Jun 6 23:25:09 UTC 2006
Andy Shevchenko <andy at ...> writes:
> > Nevermind, I fixed this problem by simply removing the vsnprintf
> > function from the source file. It seems vsnprintf is a builtin system
> > function and there is no need to compile a new one.
> Due to security reasons the built in source function may be better than
> system one. I think the security audit of that code should be passed.
No. Duplicating system functions is never a good idea for security! If you have
a function in one location, it can be fixed once if it's broken. Who is going
to track down the thousands of broken copies of vsnprintf.c if a bug is found
in a commonly-copied implementation?
As for why the file doesn't build: -DFORTIFY_SOURCE defines vsnprintf as a
macro in order to do additional security checks on it (see again why replacing
system functions is not good for security?), so the function declaration (the
header of the function definition, actually) gets macro-expanded too, which
won't work. (The macro expansion expects to deal only with function uses, not
function declarations/definitions.) The easiest fix is exactly what has been
done: remove vsnprintf.c and just use the system one.
The reason the source code includes its own vsnprintf.c is that not all systems
have vsnprintf, it's a C99 function. Fedora does have it, so vsnprintf.c is
useless on Fedora.
Kevin Kofler
More information about the fedora-extras-list
mailing list