[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ftp: Cleanup port number to string conversion.
|
From: |
Collin Funk |
|
Subject: |
Re: ftp: Cleanup port number to string conversion. |
|
Date: |
Fri, 02 Aug 2024 23:13:22 -0700 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Hi Erik,
Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:
>> Thanks for looking into fixing warnings! :-)
There are many of them, so feel free to work on them. I won't be angry
if you finish fixing them before me. :)
>> > - snprintf (portstr, sizeof (portstr) - 1, "%u", port);
>> > + sprintf (portstr, "%u", port);
>> > memset (&hisctladdr, 0, sizeof (hisctladdr));
>> > memset (&hints, 0, sizeof (hints));
>> >
>>
>> I prefer the original code with snprintf() here, because it directly
>> shows that it does not overflow the buffer and that the last byte of
>> the buffer is unchanged.
>
> I'd still prefer keeping snprintf() here.
I was going to disagree since that macro allows all values between 0 -
65535.
However, I saw an old thread on bug-gnulib@gnu.org [1]. Apparently,
POSIX requires '%d' to use the portable character set (which grantees 1
byte per character). Other specifiers can do as they wish.
In practice, I don't think it should ever be a problem. But I guess
snprintf would be safer in that case...
Applied the patch changing the sprintf to:
+ snprintf (portstr, sizeof portstr, "%u", port);
Patch attached. Feel free to make changes if you see fit.
Collin
[1] https://lists.gnu.org/archive/html/bug-gnulib/2011-02/msg00119.html
0001-ftp-Cleanup-port-number-to-string-conversion.patch
Description: Text Data