Re: Unchecked sprintf/strcat?
Hi,
* TAKAHASHI Tamotsu [06-05-29 23:13:05 +0900] wrote:
> * Mon May 29 2006 Rocco Rutte <pdmef@xxxxxxx>
> > * TAKAHASHI Tamotsu [06-05-29 22:31:12 +0900] wrote:
> > > Good. I can simply use OpenBSD's strlcat.
> > > (That needs a few lines in configure.ac.)
> > > Anyway, the current code doesn't use the return value at all.
> > That's a bad idea due to a license clash.
> Oh I thought BSD code can be used in GPL software like mutt.
> Thanks for correcting me.
_I_ was wrong, sorry. It's legal to use it. My point was more that I think
it's overkill to replace our wrong usage of our code with a foreign (and
different licensed) implementation we'd then use instead.
For example, in the first place I'd prefer:
> Three not-so-dangerous problems:
> 0) Some sprintf/strcat/strcpy are not marked as /* __XXX_CHECKED__ */.
> Checking them and adding the comment.
> 1) Simple miscalculation about sizeof(helpstr), while they are CHECKED.
> | mutt_make_help (buf, sizeof (buf), _("Exit "), menu_to_use, OP_EXIT);
> | strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
While sizeof(buf)<=sizeof(helpstr) I see no real problem. If this
doesn't hold, maybe someone forgot to update/re-do the checks... which
we should do anyway now.
> 2) Silent truncation like bug #2205.
This is bad, I agree. But we already have BUFFER and it could be used to
grow as needed regarding the input (like it's used for parsing config
files). But that would have drastic impact on the speed if used
everywhere (since that would be malloc() while now we don't need it).
bye, Rocco
--
:wq!
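The two remedies the thread circles around (a bounded strlcat whose return value is actually checked, and a BUFFER-style string that grows instead of truncating), as an added example that is not mutt's code and not from either poster. The strlcat semantics are reimplemented locally so nothing depends on libc or OpenBSD providing it; the names bounded_strlcat, append_checked and growbuf, the 16-byte helpstr and the help-line pieces are this example's own constructions standing in for the mutt_make_help loop.

```c
/* Added example, not mutt's code: make the concatenation in the thread
 * fail loudly (checked return value) or not at all (growable buffer). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strlen bounded to max bytes, without relying on the platform's strnlen. */
static size_t term_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* OpenBSD strlcat semantics, reimplemented here: append src to dst within
 * dstsize bytes, always NUL-terminate when there is room for the NUL, and
 * return the length the complete result would have had. A return value
 * >= dstsize means truncation; this is the return value the thread says
 * the current code ignores. */
static size_t bounded_strlcat(char *dst, const char *src, size_t dstsize)
{
    size_t dlen = term_len(dst, dstsize);
    size_t slen = strlen(src);
    if (dlen == dstsize)            /* dst not terminated within dstsize */
        return dstsize + slen;
    size_t room = dstsize - dlen - 1;
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Returns 1 if src fit, 0 if the result was truncated. */
static int append_checked(char *dst, size_t dstsize, const char *src)
{
    return bounded_strlcat(dst, src, dstsize) < dstsize;
}

/* Minimal growable string, a stand-in for the BUFFER the thread mentions
 * (not mutt's own type). Capacity doubles, so the realloc cost the thread
 * worries about is amortised rather than paid on every append. */
struct growbuf {
    char *data;
    size_t len;   /* bytes used, excluding the terminating NUL */
    size_t cap;   /* bytes allocated */
};

static void growbuf_init(struct growbuf *b) { b->data = NULL; b->len = 0; b->cap = 0; }
static void growbuf_free(struct growbuf *b) { free(b->data); growbuf_init(b); }

/* Returns 1 on success, 0 on allocation failure or size overflow. */
static int growbuf_append(struct growbuf *b, const char *src)
{
    size_t slen = strlen(src);
    if (slen > SIZE_MAX - b->len - 1)
        return 0;
    size_t need = b->len + slen + 1;
    if (need > b->cap) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2)
                return 0;
            ncap *= 2;
        }
        char *p = realloc(b->data, ncap);
        if (p == NULL)
            return 0;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, slen + 1);
    b->len += slen;
    return 1;
}

/* Constructed help-line pieces standing in for mutt_make_help output. */
static const char *const pieces[] = { "q:Exit  ", "?:Help  ", "d:Delete" };
static const size_t npieces = sizeof pieces / sizeof pieces[0];

/* Fixed 16-byte helpstr: returns 1 if any piece was truncated. */
static int fixed_truncated(void)
{
    char helpstr[16] = "";
    int truncated = 0;
    for (size_t i = 0; i < npieces; i++)
        if (!append_checked(helpstr, sizeof helpstr, pieces[i]))
            truncated = 1;
    return truncated;
}

/* Growable buffer: returns the final length, 0 on allocation failure. */
static size_t grown_length(void)
{
    struct growbuf g;
    growbuf_init(&g);
    for (size_t i = 0; i < npieces; i++)
        if (!growbuf_append(&g, pieces[i])) { growbuf_free(&g); return 0; }
    size_t len = g.len;
    growbuf_free(&g);
    return len;
}

int main(void)
{
    printf("fixed buffer truncated: %d\n", fixed_truncated());
    printf("growable buffer length: %zu\n", grown_length());
    return 0;
}
```

With the constructed pieces (24 bytes of text) the fixed 16-byte helpstr reports truncation on the second append and every one after it, while the growable buffer ends up holding all 24 bytes; the point of append_checked is that the caller cannot ignore the result the way a bare strcat or an unchecked strlcat return lets it.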