bug in slnprintf

Jeremy Allison jallison at cthulhu.engr.sgi.com
Wed Dec 2 01:46:05 GMT 1998

Luke Kenneth Casson Leighton wrote:
> it doesn't null-terminate correctly, 

I take it you mean slprintf not slnprintf.

> or initialise the whole of the buffer
> to zero before use.  

It's not supposed to do that.

> %s\\%s with two string-pairs, one pair shorter than
> the other, shows up the previous pair:
> BUILTIN\Administrator
> TEST\rootdministrator
> in rpcclient lookupsids command, for example.

What length are you passing in that call.

The slprintf code *definately* null terminates
as far as I can tell from the code.

It calls vslprintf which is defined as :

-----------cut here--------------------------
/* this is like vsnprintf but the 'n' limit does not include
   the terminating null. So if you have a 1024 byte buffer then
   pass 1023 for n */
int vslprintf(char *str, int n, char *format, va_list ap)
    int ret = vsnprintf(str, n, format, ap);
    if (ret > n || ret < 0) {
        str[n] = 0;
        return -1;
    str[ret] = 0;
    return ret;

Maybe you have a broken vsnprintf that is not returning
the correct length ? What does your configure
output say about where the vsnprintf comes from ?

Are you still using slackware ? Does the libc5 vsnprintf
return the correct length ?


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list