...
The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP uses the `vsnprintf()` function, which is defined in the Open Group Base Specifications Issue 6 [Open Group 2004] as well as C99 [ISO/IEC 9899:1999], to write various log file strings. For systems that do not support `vsnprintf()`, a C include file was created that defines the `vsnprintf()` function to `vsprintf()`, as shown in this noncompliant code example:
```c
#define vsnprintf(buf, size, fmt, list) \
  vsprintf(buf, fmt, list)
```
...
The solution is to include an implementation of the missing function `vsnprintf()` to eliminate the dependency on external library functions when they are not available. This compliant solution assumes that `__USE_ISOC99` is not defined on systems that fail to provide a `vsnprintf()` implementation.
```c
#include <stdio.h>
#ifndef __USE_ISOC99
/* reimplements vsnprintf() */
#include "my_stdio.h"
#endif
```
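One way a `my_stdio.h`-style fallback can honor the `size` argument that the noncompliant macro drops, using only C89 library calls. This is an added example, not ISC's code or part of the original page; `my_vsnprintf()` and `log_format()` are hypothetical names, and the temporary-file technique is an assumption chosen for portability.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical C89-only fallback; the name is an assumption, not ISC's code.
 * vfprintf() to a temporary file cannot overrun the caller's buffer; at most
 * size - 1 bytes are copied back. Returns the untruncated length, or -1. */
static int my_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    FILE *tmp = tmpfile();
    size_t ncopy = 0;
    int needed = (tmp != NULL) ? vfprintf(tmp, fmt, ap) : -1;

    if (size > 0) {
        if (needed >= 0) {
            ncopy = (size_t)needed < size - 1 ? (size_t)needed : size - 1;
            rewind(tmp);
            if (fread(buf, 1, ncopy, tmp) != ncopy) {
                ncopy = 0;          /* read error: hand back an empty string */
                needed = -1;
            }
        }
        buf[ncopy] = '\0';          /* terminated even when truncated */
    }
    if (tmp != NULL)
        fclose(tmp);
    return needed;
}

/* Variadic wrapper shaped like a logging call site. */
static int log_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = my_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char line[8];   /* constructed sample: deliberately too small */
    int n = log_format(line, sizeof line, "lease %s", "192.0.2.10");
    printf("%d bytes needed, stored \"%s\"\n", n, line);
    return 0;
}
```

A return value greater than or equal to `size` tells the caller the log string was truncated. Creating a temporary file per call is slow, so this suits a compatibility shim rather than a hot logging path.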
...