Re: Unchecked sprintf/strcat?

To: Mutt Developers <mutt-dev@xxxxxxxx>
Subject: Re: Unchecked sprintf/strcat?
From: Rocco Rutte <pdmef@xxxxxxx>
Date: Mon, 29 May 2006 15:16:44 +0000
In-reply-to: <20060529141305.GD25125@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
Mail-followup-to: Mutt Developers <mutt-dev@xxxxxxxx>
Organization: Berlin University of Technology
References: <20060522081707.GQ3746@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20060522100413.GB13408@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20060522190830.GB3712@xxxxxxxxxx> <20060524111228.GE13408@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20060524132317.GC4719@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20060529125113.GA25125@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20060529130231.GG20104@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20060529133112.GB25125@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20060529133804.GA4481@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20060529141305.GD25125@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.11-pdmef

Hi,

* TAKAHASHI Tamotsu [06-05-29 23:13:05 +0900] wrote:

* Mon May 29 2006 Rocco Rutte <pdmef@xxxxxxx>

* TAKAHASHI Tamotsu [06-05-29 22:31:12 +0900] wrote:

>Good. I can simply use OpenBSD's strlcat.
>(That needs a few lines in configure.ac.)
>Anyway, the current code doesn't use the return value at all.

That's a bad idea due to a license clash.

Oh I thought BSD code can be used in a GPL software like mutt.
Thanks for correcting me.

_I_ was wrong, sorry. It's legal to use it. My point was more that I thinkit's overkill to replace our wrong usage of our code with a foreign (anddifferent licensed) implementation we'd then use instead.


For example, in the first place I'd prefer:

Three not-so-dangerous problems:
0) Some sprintf/strcat/strcpy are not marked as /* __XXX_CHECKED__ */.


Checking them and adding the comment.

1) Simple miscalculation about sizeof(helpstr), while they are CHECKED.
|  mutt_make_help (buf, sizeof (buf), _("Exit  "), menu_to_use, OP_EXIT);
|  strcat (helpstr, buf);       /* __STRCAT_CHECKED__ */

While sizeof(buf)<=sizeof(helpstr) I see no real problem. If thisdoesn't hold, maybe someone forgot to update/re-do the checks... whichwe should do anyway now.

2) Silent truncation like bug #2205.

This bad, I agree. But we already have BUFFER and it could be used togrow as needed regarding the input (like it's used for parsing configfiles). But that would have drastic impact on the speed if usedeverywhere (since that would be malloc() while now we don't need it).


  bye, Rocco
--
:wq!

Follow-Ups:
- Re: Unchecked sprintf/strcat?
  - From: TAKAHASHI Tamotsu

References:
- Re: Unchecked sprintf/strcat?
  - From: Thomas Roessler
- Re: Unchecked sprintf/strcat?
  - From: TAKAHASHI Tamotsu
- Re: Unchecked sprintf/strcat?
  - From: Oswald Buddenhagen
- Re: Unchecked sprintf/strcat?
  - From: TAKAHASHI Tamotsu
- Re: Unchecked sprintf/strcat?
  - From: Rocco Rutte
- Re: Unchecked sprintf/strcat?
  - From: TAKAHASHI Tamotsu
- Re: Unchecked sprintf/strcat?
  - From: Thomas Roessler
- Re: Unchecked sprintf/strcat?
  - From: TAKAHASHI Tamotsu
- Re: Unchecked sprintf/strcat?
  - From: Rocco Rutte
- Re: Unchecked sprintf/strcat?
  - From: TAKAHASHI Tamotsu

Prev by Date: Re: Unchecked sprintf/strcat?
Next by Date: Re: Build system
Previous by thread: Re: Unchecked sprintf/strcat?
Next by thread: Re: Unchecked sprintf/strcat?
Index(es):
- Date
- Thread