[Announce] GnuPG 1.4 and 2.0 buffer overflow

Christian Biere christianbiere at gmx.de
Wed Nov 29 11:52:42 CET 2006

"How I wish C-90 had introduced asprintf or at least it would be available on more platforms."

Who needs printf-like functions to concatenate a bunch of strings? It's trivial to write a function
similar to asprintf() that takes no format string but simply a variable number of string arguments
to be concatened into a newly allocated buffer. The issue here was clearly the precalculation of
the assumed string length which is simply unnecessary.

Also, asprintf() returns an int instead of size_t. Yet another library function broken by design.


More information about the Gnupg-devel mailing list