[Announce] GnuPG 1.4 and 2.0 buffer overflow

Werner Koch wk at gnupg.org
Thu Nov 30 19:16:37 CET 2006


On Thu, 30 Nov 2006 17:30, christianbiere at gmx.de said:

> Actually, the "portability" argument supports my point of view because the
> printf() family is - as some would call it - "non-portable" due to the huge

Of course you may only use the C-90 defined format elements.  Things
like size_t and off_t are a problem of course.

> read the manual pages at opengroup.org before I use a new feature and also
> those of IRIX and Solaris. However it's a shame that commercial vendors often
> provide a very poor flavour of Unix compared to the freely available variants.

For some functions that is true.  However, there are a lot of older
systems in use and they won't get replaced in the near future.  The
vendor can't do anything but provide important bug fixes.  API
changes are not possible.

> Agreed. However, don't blame it only on the students. I don't think you can

That was not my intention.  Of course, the teachers are responsible.


Salam-Shalom,

   Werner
