Feb. 6, 2007, 7:43 p.m.

Evasive Security

I was busy implementing a system for a client using C++ on Win32 when I had to use the sprintf function. As I knew it was insecure, I looked up the function's details - only to be caught in an infinite web of evasion.

An excerpt from MSDN:

Security Note There is no way to limit the number of characters written, which means that code using sprintf is susceptible to buffer overruns. Consider using the related function _snprintf, which specifies a maximum number of characters to be written to buffer, or use _scprintf to determine how large a buffer is required. Also, ensure that format is not a user-defined string.

OK, fine - I then went to look up the definition of _snprintf, again at MSDN.

But oh my! Look at what I found:

Security Note Ensure that format is not a user-defined string. This function does not guarantee NULL termination, so ensure it is followed by sz[ARRAYSIZE(sz) - 1] = 0. For more information, see Avoiding Buffer Overruns.

FINE, so I went and searched a bit more and found _snprintf_s here.

Finally! What a mission...
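For anyone who lands here with the same problem, the following is an added example (mine, not from the post or from MSDN) of the safe pattern the three MSDN notes above are circling around, written in portable C99 so it compiles with any modern compiler. It uses standard snprintf rather than the MSVC-specific _snprintf / _snprintf_s: C99 snprintf always NUL-terminates when the size is non-zero and returns the length that would have been written, so truncation is detectable from the return value. The old MSVC _snprintf does neither (it returns -1 and leaves the buffer unterminated), which is exactly the caveat quoted from MSDN. The function names, the "Hello, %s!" format and the sample input are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Format a user-influenced value into a fixed-size buffer without overrun.
 *
 * Rules applied:
 *  - the user-controlled value is passed as an ARGUMENT (%s), never as the
 *    format string itself (the "format is not a user-defined string" note);
 *  - the buffer size is passed in, so nothing is written past the end;
 *  - the return value is checked so silent truncation is reported.
 *
 * Returns 0 on success, 1 if the output was truncated (buf still holds a
 * NUL-terminated prefix), -1 on a bad argument or encoding error.
 */
int format_greeting(char *buf, size_t bufsz, const char *name)
{
    if (buf == NULL || bufsz == 0 || name == NULL)
        return -1;

    /* NEVER: sprintf(buf, name);  -- overrun AND format-string injection. */
    int n = snprintf(buf, bufsz, "Hello, %s!", name);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)n >= bufsz) {
        /* C99 guarantees buf[bufsz - 1] == '\0' here; we only flag it. */
        return 1;
    }
    return 0;
}

/*
 * Two-pass sizing, the portable equivalent of MSDN's _scprintf + _snprintf:
 * snprintf(NULL, 0, ...) writes nothing and returns the length needed.
 * Returns the buffer size including the terminating NUL, or 0 on error.
 */
size_t required_size(const char *name)
{
    int n = snprintf(NULL, 0, "Hello, %s!", name);
    return (n < 0) ? 0 : (size_t)n + 1;
}

/*
 * Belt-and-braces idiom from the MSDN note, for implementations (old MSVC
 * _snprintf) that may not NUL-terminate on truncation.
 */
void force_terminate(char *buf, size_t bufsz)
{
    if (buf != NULL && bufsz > 0)
        buf[bufsz - 1] = '\0';
}

/* Returns 1 when a large enough buffer receives the whole string. */
int check_fits(void)
{
    char buf[32];
    return format_greeting(buf, sizeof buf, "world") == 0
        && strcmp(buf, "Hello, world!") == 0;
}

/* Returns 1 when an undersized buffer is truncated safely:
 * flagged, NUL-terminated, and nothing written past the end. */
int check_truncates(void)
{
    char guard[8 + 4];              /* 8-byte target plus a 4-byte canary */
    memset(guard, 'X', sizeof guard);
    int rc = format_greeting(guard, 8, "world");   /* "Hello, world!" is 13 chars */
    force_terminate(guard, 8);                     /* harmless no-op under C99 */
    return rc == 1
        && strlen(guard) == 7
        && strcmp(guard, "Hello, ") == 0
        && guard[8] == 'X' && guard[9] == 'X' && guard[10] == 'X' && guard[11] == 'X';
}

int main(void)
{
    printf("fits: %s\n", check_fits() ? "ok" : "FAIL");
    printf("truncates safely: %s\n", check_truncates() ? "ok" : "FAIL");
    printf("bytes needed for \"world\": %zu\n", required_size("world"));
    return 0;
}
```

The canary bytes after the 8-byte target are the practical check: if the formatter had overrun, they would no longer read 'X'. On MSVC, _snprintf_s(buf, sizeof buf, _TRUNCATE, fmt, ...) gives the same terminate-and-report behaviour, which is why the post's search ended there.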