[reSIProcate] Issue compiling Security.cxx

Dario Bozzali Dario.Bozzali at ifmgroup.it
Tue Sep 10 08:13:07 CDT 2013 

Hello,

I tried the patch, but it didn't build using my environment. I had to swap c99_vsnprintf and c99_snprintf order declaration/definition and I had to add include of stdio.h file to have a successful build. See the changed code below. I don't know if my changes are the best solution.

Best regards,

Dario.

 

 

#ifdef _MSC_VER

 

#include <stdio.h>

 

#define snprintf c99_snprintf

 

inline int c99_vsnprintf(char* str, size_t size, const char* format, va_list ap)

{

    int count = -1;

 

    if (size != 0)

        count = _vsnprintf_s(str, size, _TRUNCATE, format, ap);

    if (count == -1)

        count = _vscprintf(format, ap);

 

    return count;

}

 

inline int c99_snprintf(char* str, size_t size, const char* format, ...)

{

    int count;

    va_list ap;

 

    va_start(ap, format);

    count = c99_vsnprintf(str, size, format, ap);

    va_end(ap);

 

    return count;

}

 

#endif // _MSC_VER

 

From: Daniel Pocock [mailto:daniel at pocock.com.au] 
Sent: martedì 10 settembre 2013 13.25
To: Dario Bozzali
Cc: Adam Roach; resiprocate-devel at resiprocate.org
Subject: Re: [reSIProcate] Issue compiling Security.cxx

 

On 09/09/13 20:03, Adam Roach wrote:

	On 9/9/13 11:23, Dario Bozzali wrote:

		I got the latest trunk revision of Resiprocate repository (10430), but I'm facing an issue while compiling Security.cxx using Visual Studio 2005.

		In particular the error that I obtain is the following one:

		1>.\ssl\Security.cxx(177) : error C3861: 'snprintf': identifier not found

		I think that it could be necessary to use _snprintf instead of snprintf function, for example using a define like in the excerpt of code that I reported below.

	
	The problem here is that snprintf() guarantees null termination, while Windows' _snprintf() does not (which can lead to some really nasty security bugs). Because of this flaw, the general guidance that I offer is that no one should ever use use Windows' _snprintf() -- it's fundamentally broken.
	
	I think what you really need to do is define a new function that wraps _snprintf_s, with a "count" argument set to "_TRUNCATE".



I just added one potential solution into rutil/compat.hxx

Can you try updating to r10434 and test it?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20130910/9fb9c21d/attachment.htm>

More information about the resiprocate-devel mailing list