Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Jan 2003 17:59:47 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Miguel Mendez <flynn@energyhq.homeip.net>
Cc:        hackers@freebsd.org
Subject:   Re: RFC: Adding a new (safer) data entry function to libdialog
Message-ID:  <20030121015947.GA7310@rot13.obsecurity.org>
In-Reply-To: <20030120121851.30ff961f.flynn@energyhq.homeip.net>
References:  <20030120121851.30ff961f.flynn@energyhq.homeip.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--vtzGhvizbBRQ85DL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jan 20, 2003 at 12:18:51PM +0100, Miguel Mendez wrote:
> Hello hackers,
>=20
> Currently, when one wants the user to enter data in a libdialog based
> program, one uses the following function:
>=20
>      int
>      dialog_inputbox(unsigned char *title, unsigned char *prompt,
> 		int height, int width, unsigned char *result);
>=20
> The problem this routine has, is that there's nowhere to specify the max
> length of the input buffer (think gets vs fgets here). I know that not
> many programs use this lib, or even if there are plans to EOL it, but
> this change could be helpful IMHO. My suggestion is to create a new
> function, e.g, dialog_inputbox_n that would let you specify the length
> of the input buffer. Comments? Ideas? If people find it useful I can
> come with patches, since the implementation would be trivial.

libdialog is rife with overflowable buffers..I'm not sure it would be
safe even with this input method.

Kris

--vtzGhvizbBRQ85DL
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+LKmTWry0BWjoQKURAnDTAKDLuIkDvNAQv3+cbAAyL3KhNQ3RyACgvfyD
BwCEyACQtzfwWTSN/lOUzJ0=
=WLns
-----END PGP SIGNATURE-----

--vtzGhvizbBRQ85DL--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121015947.GA7310>