[zeromq-dev] Binding to TCP port 0

AJ Lewis aj.lewis at quantum.com
Mon Feb 13 17:01:51 CET 2012


On Sun, Feb 12, 2012 at 09:39:43AM +0100, Martin Lucina wrote:
> The use of sprintf() is a security hole if the user allocated not
> enough space at *addr. Please use snprintf() to ensure a maximum of
> len bytes (including the string terminator) are written to *addr.

Be aware that the Windows version (and some UNIX versions) behave
differently than the GCC snprintf.  For example, on Windows, if the
number of bytes required to store the data exceeds count, then count
bytes are stored, a negative value is returned, and the string is *not*
NULL terminated!  Quite annoying.

-- 
AJ Lewis
Software Engineer
Quantum Corporation

Work:    651 688-4346
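
Added example, not part of the original message and not libzmq code: a formatting wrapper that treats both truncation reports mentioned in this thread (a negative return, or a return of at least len) as failure and never hands back an unterminated buffer. The names bounded_format and format_endpoint, and the "tcp://host:port" layout, are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from libzmq): format into dst[0..len-1].
 * Returns 0 if the whole string, including its terminator, fit.
 * Returns -1 on truncation or error, leaving dst as an empty string. */
static int bounded_format(char *dst, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || len == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, len, fmt, ap);
    va_end(ap);

    /* n < 0        : error, or a runtime that reports truncation this way
     *                and may have left dst without a terminator.
     * n >= len     : C99-style truncation (n is the length that was needed),
     *                or an exact fill with no room for the terminator. */
    if (n < 0 || (size_t)n >= len) {
        dst[0] = '\0';   /* a truncated address is useless; never expose it */
        return -1;
    }
    return 0;
}

/* Hypothetical caller: write an endpoint into a caller-supplied buffer. */
static int format_endpoint(char *addr, size_t len, const char *host, unsigned port)
{
    return bounded_format(addr, len, "tcp://%s:%u", host, port);
}

int main(void)
{
    char big[64], small[8];   /* constructed sample buffers */
    printf("%d \"%s\"\n", format_endpoint(big, sizeof big, "127.0.0.1", 5555u), big);
    printf("%d \"%s\"\n", format_endpoint(small, sizeof small, "127.0.0.1", 5555u), small);
    return 0;
}
```
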
