Hi,

On Tue, Apr 15, 2014 at 11:12:29AM +0200, M. Braun wrote:
> On 15.04.2014 09:42, Gert Doering wrote:
> > char *
> > get_ssl_library_version(void)
> > {
> >     static char polar_version[30];
> >     unsigned int pv = version_get_number();
> >     sprintf( polar_version, "PolarSSL %d.%d.%d",
> >                 (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
> >     return polar_version;
> > }
> >
> > this is well-defined (polarssl/version.h), and guaranteed to not overflow.
> 
> wouldn't be using snprintf with length sizeof(polar_version) instead of
> just sprintf be better as to make sure this will not be broken by
> accident in future?

How can this ever be broken?  0xff bounds the numbers to 3 digits, 
there are only 3 numbers in there, which adds up to 21 bytes, at
maximum.

Now if someone changes that code to add more text, it might...

(but I actually tend to go back to the previous version, as PolarSSL
guarantees that they won't overrun these "magic 18 bytes", as that is
"2 digits for each number", and if they ever add more text to the
string, they will introduce a new API which is more sane than this - had
a side-track discussion with Paul and David on it, of which David missed
most due to his MTA bouncing all mails...)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
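The two positions in the thread (a fixed-size static buffer with sprintf, defended by the worst-case arithmetic, versus an snprintf bounded by sizeof the buffer that also reports truncation) side by side, as an added example that is not OpenVPN's or PolarSSL's own code. version_get_number() is stubbed here behind a settable global so the worst-case value can be fed in; the real function comes from polarssl/version.h. format_version_bounded() and worst_case_len() are hypothetical names introduced for this illustration, and the format uses %u rather than the original's %d because the masked operands are unsigned.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for PolarSSL's version_get_number(): the library packs the
 * version as MMNNPP00 in the top three bytes.  Settable so the test can
 * feed in the worst case (assumption: the real function is read-only). */
static unsigned int fake_version = 0x01030200u;   /* "1.3.2" */

static unsigned int version_get_number(void)
{
    return fake_version;
}

/* The shape discussed in the thread: 30-byte static buffer plus sprintf.
 * Each operand is masked with 0xff, so at most 3 digits each.
 * Worst case "PolarSSL 255.255.255" is 9 + 3 + 1 + 3 + 1 + 3 = 20 chars,
 * 21 bytes with the NUL, so the 30-byte buffer cannot overflow as long
 * as nobody adds text to the format string. */
char *get_ssl_library_version(void)
{
    static char polar_version[30];
    unsigned int pv = version_get_number();
    sprintf(polar_version, "PolarSSL %u.%u.%u",
            (pv >> 24) & 0xff, (pv >> 16) & 0xff, (pv >> 8) & 0xff);
    return polar_version;
}

/* The variant suggested in the reply: snprintf bounded by the buffer size.
 * It can never overrun, and snprintf's return value (the length it wanted
 * to write) tells the caller whether the result was cut short.
 * Returns 1 if the whole string fit, 0 if it was truncated. */
int format_version_bounded(char *buf, size_t bufsize, unsigned int pv)
{
    int n = snprintf(buf, bufsize, "PolarSSL %u.%u.%u",
                     (pv >> 24) & 0xff, (pv >> 16) & 0xff, (pv >> 8) & 0xff);
    return n >= 0 && (size_t)n < bufsize;
}

/* Length of the longest string the format can produce (all three bytes
 * at 0xff), computed rather than hand-counted. */
size_t worst_case_len(void)
{
    char tmp[64];
    int n = snprintf(tmp, sizeof tmp, "PolarSSL %u.%u.%u", 255u, 255u, 255u);
    return (size_t)n;
}

int main(void)
{
    /* Demonstrate both on the worst-case version and on an 18-byte
     * buffer (the "magic 18 bytes" sized for 2-digit components). */
    char small[18];
    fake_version = 0xffffff00u;
    printf("%s\n", get_ssl_library_version());
    printf("fits in %zu bytes: %d\n", sizeof small,
           format_version_bounded(small, sizeof small, fake_version));
    printf("truncated output: \"%s\"\n", small);
    return 0;
}
```

The point of the bounded variant is not that the 30-byte buffer is too small today (it is not), but that the return-value check turns a silent future overrun into a detectable truncation if someone later adds text to the format or shrinks the buffer to 18.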
