| To: | "H. Peter Anvin" <yyy@xxxxxxxxx> |
|---|---|
| Subject: | Re: Defect in XSH asctime() |
| From: | "Clive D.W. Feather" <yyyyy@xxxxxxxxx> |
| Date: | Tue, 23 Dec 2003 09:30:38 +0000 |
| Cc: | yyyyyyyyyyyyyyy@xxxxxxx, yyyyyyyyyyyyyyy@xxxxxxxxxxxxx |
| References: | <200312120217.CAA12802@xxxxxx> <20031215110941.GA31124@finch-staff-1.thus.net> <3FDF65CF.7070707@xxxxxx> |

H. Peter Anvin said:
>> WG14 examined this issue quite a long time ago. We decided that the
>> behaviour was simply undefined. There is no requirement that a particular
>> string appear in the buffer, or even that the function call returns in a
>> sensible state (or at all). It's *UNDEFINED*.
>
> I would classify that as a security hazard.

So is much of the C Standard library when misused. The answer is to do
validation elsewhere (though there are moves towards a new, secure, library).

--
Clive D.W. Feather | Work: <yyyyy@xxxxxxxxx> | Tel: +44 20 8495 6138
Internet Expert | Home: <yyyyy@xxxxxxxxxx> | *** NOTE CHANGE ***
Demon Internet | WWW: http://www.davros.org | Fax: +44 870 051 9937
Thus plc | | Mobile: +44 7973 377646
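
Added example, not part of the original message or thread: one way to do the validation "elsewhere" that the reply refers to, by range-checking a struct tm before it is formatted. The names tm_is_safe_for_asctime and checked_asctime are hypothetical, and the accepted ranges (four-digit years only) are a conservative assumption chosen so the result always fits the 26-byte string asctime() is specified to produce.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper: 1 only if every field asctime() reads is inside a
 * conservative range (assumption: four-digit years only), else 0. */
static int tm_is_safe_for_asctime(const struct tm *t)
{
    return t != NULL &&
           t->tm_wday >= 0 && t->tm_wday <= 6  &&
           t->tm_mon  >= 0 && t->tm_mon  <= 11 &&
           t->tm_mday >= 1 && t->tm_mday <= 31 &&
           t->tm_hour >= 0 && t->tm_hour <= 23 &&
           t->tm_min  >= 0 && t->tm_min  <= 59 &&
           t->tm_sec  >= 0 && t->tm_sec  <= 60 &&
           t->tm_year >= 1000 - 1900 && t->tm_year <= 9999 - 1900;
}

/* Hypothetical wrapper: formats like asctime() into a caller-supplied
 * buffer. Returns 0 on success, -1 if the input is rejected or the buffer
 * cannot hold the 25 characters plus terminator. */
static int checked_asctime(const struct tm *t, char *out, size_t outlen)
{
    static const char wday[7][4] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
    static const char mon[12][4] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
    int n;
    if (out == NULL || outlen < 26 || !tm_is_safe_for_asctime(t))
        return -1;
    /* Indexing wday[]/mon[] is safe only because the ranges were checked. */
    n = snprintf(out, outlen, "%.3s %.3s%3d %.2d:%.2d:%.2d %d\n",
                 wday[t->tm_wday], mon[t->tm_mon], t->tm_mday,
                 t->tm_hour, t->tm_min, t->tm_sec, 1900 + t->tm_year);
    return n == 25 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs: one valid, one with an out-of-range year. */
    struct tm ok = {0}, bad;
    char buf[26];
    ok.tm_sec = 52; ok.tm_min = 3; ok.tm_hour = 1;
    ok.tm_mday = 16; ok.tm_mon = 8; ok.tm_year = 73; ok.tm_wday = 0;
    bad = ok;
    bad.tm_year = 10000 - 1900;
    if (checked_asctime(&ok, buf, sizeof buf) == 0)
        fputs(buf, stdout);
    printf("out-of-range year rejected: %d\n", checked_asctime(&bad, buf, sizeof buf) == -1);
    return 0;
}
```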