I wish to know which of these two options is the more secure one to use:
#define MAXLEN 255
char buff[MAXLEN + 1]
sprintf(buff, "%.*s", MAXLEN, name)
snprintf(buff, MAXLEN, "%s", name)
My understanding is that both are same. Please suggest.
The two expressions you gave are not equivalent: sprintf
takes no argument specifying the maximum number of bytes to write; it simply takes a destination buffer, a format string, and a bunch of arguments. Therefore, it may write more bytes than your buffer has space for, and in so doing write arbitrary code. The %.*s
is not a satisfactory solution because:
strlen
; this is a measure of the number of characters in the string, not its length in memory (i.e. it doesn't count the null terminator).sprintf
version with respect to buffer overflows. With snprintf
, a fixed, clear maximum is set regardless of changes in the format string or input types.