Date: Mon, 20 Jan 2003 17:59:47 -0800
From: Kris Kennaway
To: Miguel Mendez
Cc: hackers@freebsd.org
Subject: Re: RFC: Adding a new (safer) data entry function to libdialog
Message-ID: <20030121015947.GA7310@rot13.obsecurity.org>
In-Reply-To: <20030120121851.30ff961f.flynn@energyhq.homeip.net>

On Mon, Jan 20, 2003 at 12:18:51PM +0100, Miguel Mendez wrote:
> Hello hackers,
>
> Currently, when one wants the user to enter data in a libdialog based
> program, one uses the following function:
>
> int
> dialog_inputbox(unsigned char *title, unsigned char *prompt,
>     int height, int width, unsigned char *result);
>
> The problem this routine has, is that there's nowhere to specify the max
> length of the input buffer (think gets vs fgets here). I know that not
> many programs use this lib, or even if there are plans to EOL it, but
> this change could be helpful IMHO. My suggestion is to create a new
> function, e.g., dialog_inputbox_n that would let you specify the length
> of the input buffer. Comments? Ideas? If people find it useful I can
> come with patches, since the implementation would be trivial.

libdialog is rife with overflowable buffers.. I'm not sure it would be
safe even with this input method.

Kris
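
Added example, not part of the original thread and not libdialog code: a sketch of the bounded editing loop that a length-aware entry function such as the proposed dialog_inputbox_n would need, with the caller passing the size of the result buffer. The name inputbox_edit_n, the key codes and the keystroke array standing in for terminal input are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key codes for this sketch (not libdialog's). */
#define K_ENTER '\n'
#define K_BACKSPACE '\b'

/*
 * Hypothetical helper: apply a keystroke stream to a caller-sized buffer.
 * result_len is the full size of result, including the terminating NUL.
 * Returns the number of keystrokes refused because the buffer was full,
 * or -1 on bad arguments. On success result is always NUL-terminated.
 */
int
inputbox_edit_n(const unsigned char *keys, size_t nkeys,
    unsigned char *result, size_t result_len)
{
	size_t len = 0, i;
	int refused = 0;

	if (keys == NULL || result == NULL || result_len == 0)
		return (-1);
	for (i = 0; i < nkeys && keys[i] != K_ENTER; i++) {
		if (keys[i] == K_BACKSPACE) {
			if (len > 0)
				len--;		/* never step before result[0] */
		} else if (len + 1 >= result_len) {
			refused++;		/* full: keep room for the NUL */
		} else {
			result[len++] = keys[i];
		}
	}
	result[len] = '\0';
	return (refused);
}

int
main(void)
{
	/* Constructed input: 10 characters typed into an 8-byte field. */
	const unsigned char typed[] = "abcdefghij\n";
	unsigned char field[8];
	int refused = inputbox_edit_n(typed, sizeof(typed) - 1, field, sizeof(field));

	printf("stored \"%s\", refused %d keystrokes\n", (char *)field, refused);
	return (0);
}
```

Returning the refused count lets the caller tell a full field from a short entry, which a silently truncating copy would hide.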