Date: Mon, 20 Jan 2003 17:59:47 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Miguel Mendez <flynn@energyhq.homeip.net>
Cc: hackers@freebsd.org
Subject: Re: RFC: Adding a new (safer) data entry function to libdialog
Message-ID: <20030121015947.GA7310@rot13.obsecurity.org>
In-Reply-To: <20030120121851.30ff961f.flynn@energyhq.homeip.net>
References: <20030120121851.30ff961f.flynn@energyhq.homeip.net>

On Mon, Jan 20, 2003 at 12:18:51PM +0100, Miguel Mendez wrote:
> Hello hackers,
>
> Currently, when one wants the user to enter data in a libdialog based
> program, one uses the following function:
>
> int
> dialog_inputbox(unsigned char *title, unsigned char *prompt,
>                 int height, int width, unsigned char *result);
>
> The problem this routine has, is that there's nowhere to specify the max
> length of the input buffer (think gets vs fgets here). I know that not
> many programs use this lib, or even if there are plans to EOL it, but
> this change could be helpful IMHO. My suggestion is to create a new
> function, e.g., dialog_inputbox_n that would let you specify the length
> of the input buffer. Comments? Ideas? If people find it useful I can
> come with patches, since the implementation would be trivial.

libdialog is rife with overflowable buffers... I'm not sure it would be
safe even with this input method.

Kris
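
The gets-versus-fgets point in the quoted proposal, as an added example that is not part of this thread and is not libdialog code. The helper inputbox_store_n, its return codes and the sample input are hypothetical; it models only the step where typed text is stored into the caller's result buffer once the caller also passes that buffer's size.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return codes of the hypothetical helper; these are not libdialog constants. */
enum { STORE_OK = 0, STORE_TRUNCATED = 1, STORE_BADARG = -1 };

/*
 * Copy typed_len bytes of user input into result, which holds result_len
 * bytes. Writes at most result_len bytes, always NUL-terminates, and reports
 * truncation so the caller can re-prompt instead of using a clipped value.
 */
int
inputbox_store_n(unsigned char *result, size_t result_len,
    const unsigned char *typed, size_t typed_len)
{
	size_t n;

	if (result == NULL || result_len == 0 || (typed == NULL && typed_len != 0))
		return STORE_BADARG;
	n = typed_len < result_len - 1 ? typed_len : result_len - 1;
	if (n > 0)
		memcpy(result, typed, n);
	result[n] = '\0';
	return typed_len > n ? STORE_TRUNCATED : STORE_OK;
}

/* Returns 1 if the bytes placed right after the buffer survive long input. */
int
guard_survives_long_input(void)
{
	struct { unsigned char buf[8]; unsigned char guard[4]; } s;
	const unsigned char typed[] = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed input */
	memset(s.guard, 0x5a, sizeof s.guard);
	(void)inputbox_store_n(s.buf, sizeof s.buf, typed, sizeof typed - 1);
	return s.guard[0] == 0x5a && s.guard[3] == 0x5a && s.buf[7] == '\0';
}

int
main(void)
{
	unsigned char result[8];
	int rc = inputbox_store_n(result, sizeof result,
	    (const unsigned char *)"0123456789", 10);
	printf("rc=%d result=%s guard_ok=%d\n", rc, (char *)result, guard_survives_long_input());
	return 0;
}
```

This bounds only the write into the caller's result buffer; it does nothing for other buffers inside the library, which is the concern raised in the reply.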