[Cryptography] defaults, black boxes, APIs, and other engineering thoughts
Bill Frantz
frantz at pwpconsult.com
Mon Jan 6 20:08:08 EST 2014
On 1/6/14 at 1:01 PM, jthorn at astro.indiana.edu (Jonathan Thornburg) wrote:
>Indeed, how many binaries on *your* laptop still use gets() and sprintf()?
Well, it is barely possible to use sprintf() securely, although
it is hard and very error-prone. I would prefer to be counting
Hollerith fields in Fortran II format statements. (At least with
format statements you are likely to find out quickly that you
miscounted.) There is no hope for gets().
-----------------------------------------------------------------------
Bill Frantz        | gets() remains as a monument | Periwinkle
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave
www.pwpconsult.com | buffer overruns.             | Los Gatos, CA 95032
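Added example, not part of the original post: the hand-counted arithmetic that a bounded sprintf() depends on, next to snprintf() and an fgets()-based stand-in for gets(). The function names and the "user=...;" format are hypothetical, chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX "user="   /* constructed sample format, not from the post */
#define SUFFIX ";"

/* sprintf() bounded by a hand-counted precision: safe only while this
 * arithmetic matches the format string exactly (and dstsz fits in an int).
 * Truncates silently. Returns bytes written, -1 if the fixed text won't fit. */
int fmt_sprintf_bounded(char *dst, size_t dstsz, const char *name)
{
    size_t fixed = strlen(PREFIX) + strlen(SUFFIX) + 1;  /* +1 for NUL */
    if (dstsz < fixed)
        return -1;
    return sprintf(dst, PREFIX "%.*s" SUFFIX, (int)(dstsz - fixed), name);
}

/* snprintf() is given the size and reports the length it needed, so
 * truncation is detectable. Returns bytes written, or -1 if truncated. */
int fmt_snprintf(char *dst, size_t dstsz, const char *name)
{
    int n = snprintf(dst, dstsz, PREFIX "%s" SUFFIX, name);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : n;
}

/* Bounded stand-in for gets(): reads one line and strips the newline.
 * Returns its length, -1 on EOF/error, or -2 if the line did not fit
 * (the remainder is drained so the next call starts on a new line). */
int read_line(char *dst, size_t dstsz, FILE *in)
{
    if (dstsz < 2 || fgets(dst, (int)dstsz, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';
        return (int)len;
    }
    if (feof(in))
        return (int)len;   /* final line with no trailing newline */
    for (int c; (c = getc(in)) != EOF && c != '\n'; )
        ;                  /* discard the overlong tail */
    return -2;
}

int main(void)
{
    char buf[16];
    int n = fmt_sprintf_bounded(buf, sizeof buf, "a-name-that-is-too-long");
    printf("sprintf: %d \"%s\"\n", n, buf);
    printf("snprintf: %d\n", fmt_snprintf(buf, sizeof buf, "a-name-that-is-too-long"));
    return 0;
}
```

Changing PREFIX or SUFFIX is safe here only because `fixed` is derived from them; a literal count in its place is the miscounting hazard the post describes.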