The sprintf function is a "safe" function with regard to buffer overflows.
True
False
EDIT: Answer changed; see "Buffer Overruns and Overflows - OWASP" (https://www.owasp.org/index.php/Buffer_Overruns_and_Overflows)
"Worse again is using the %n directive in printf(). This directive takes an int* and writes the number of bytes so far to that location.
Where to look for this potential vulnerability. This issue is prevalent with the printf() family of functions, printf(), fprintf(), sprintf(), snprintf(). Also syslog() (writes system log information) and setproctitle(const char *fmt, ...); (which sets the string used to display process identifier information)."
EDIT: Also from https://www.owasp.org/index.php/Buffer_Overruns_and_Overflows, "C library functions such as strcpy (), strcat (), sprintf () and vsprintf () operate on null terminated strings and perform no bounds checking. gets () is another function that reads input (into a buffer) from stdin until a terminating newline or EOF (End of File) is found. The scanf () family of functions also may result in buffer overflows. Using strncpy(), strncat(), snprintf(), and fgets() all mitigate this problem by specifying the expected input."
EDIT: Security Note for snprintf and vsnprintf: The functions snprintf, vsnprintf, and variants are dangerous if used incorrectly. Although they do behave functionally like strlcat and similar in that they limit the bytes written to n-1, the length returned by these functions is the length that would have been printed if n were infinite.
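Added example (not from this page or from OWASP) showing the snprintf return-value pitfall described in the note above, next to a checked append idiom that treats a large return value as truncation. CAP, naive_offset, append_checked and build_record are constructed names for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define CAP 16   /* constructed: a small fixed buffer so truncation is easy to hit */

/* Naive idiom: advance the write offset by snprintf's return value.
   This does ONE bounded write (no overflow here) and returns the offset the
   naive code would carry into its next call. For input longer than the
   buffer, the return value is the full untruncated length, so the offset
   lands past CAP; a follow-up "CAP - off" size argument would then wrap to
   a huge size_t and the next snprintf would be effectively unbounded. */
size_t naive_offset(const char *input)
{
    char buf[CAP];
    size_t off = 0;
    /* returns strlen(input), not the number of bytes actually stored */
    off += (size_t)snprintf(buf + off, CAP - off, "%s", input);
    return off;
}

/* Checked idiom: a return value >= remaining space means truncation.
   Clamp the offset and report it instead of trusting the return value. */
int append_checked(char *buf, size_t cap, size_t *off, const char *s)
{
    if (*off >= cap) return 0;
    size_t room = cap - *off;
    int n = snprintf(buf + *off, room, "%s", s);
    if (n < 0) return 0;
    if ((size_t)n >= room) { *off = cap - 1; return 0; } /* truncated; buf stays NUL-terminated */
    *off += (size_t)n;
    return 1;
}

/* Builds "user=<name>;host=<host>" into a CAP-byte buffer using the checked
   idiom. Returns how many of the four appends fit completely (0..4). */
int build_record(char *out, const char *name, const char *host)
{
    size_t off = 0;
    int ok = 0;
    ok += append_checked(out, CAP, &off, "user=");
    ok += append_checked(out, CAP, &off, name);
    ok += append_checked(out, CAP, &off, ";host=");
    ok += append_checked(out, CAP, &off, host);
    return ok;
}
```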