From owner-freebsd-audit Mon Nov 6 12:59: 0 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id B11D137B479 for ; Mon, 6 Nov 2000 12:58:56 -0800 (PST) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id PAA40144; Mon, 6 Nov 2000 15:58:48 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20001024222716.B2020@lucifer.bart.nl> References: <20001024140510.G93799@lucifer.bart.nl> <20001024222716.B2020@lucifer.bart.nl> Date: Mon, 6 Nov 2000 15:58:46 -0500 To: Jeroen Ruigrok van der Werven , audit@FreeBSD.ORG From: Garance A Drosihn Subject: Re: printjob.c mktemp() problem Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 10:27 PM +0200 10/24/00, Jeroen Ruigrok van der Werven wrote: >New patch at http://lucifer.bart.nl/~asmodai/printjob.c.diff > >However, there are some things I don't like in the current patch. > >I have these feeling that I am missing something. > >My memory keeps nagging about calling mkstemp() twice and only >unlink() once, and then in the general case, whilst the original >code only had one mktemp() and subsequently open()'d the tempfile. Just so people know, I am taking a little time to look at this more closely now. The previous series of patches would not have worked right for a number of reasons (even ignoring the issue of putting the files in /tmp, when they shouldn't have been there). The updates do not take into account all the forking that is going on in lpd. With the older code, a temp-name was picked, lpd would fork to run some filter, the child would open that tempname as stderr, and then exec the filter. When the filter completed, the contents of the tempname would be copied to the logfile, and the tempname would be unlinked. With the proposed code, the tempname is not CHOSEN until you're already in the child which is going to exec the filter. That means (among other things) that all the copying/unlinking code that's in the parent is going to fail, because it still has the original pattern (errsXXXX) instead of the correct temporary filename which only the child will know. So, I will come up with an alternate version of the patch, which will also fix some other problems with the handling of these tempfiles. It'll take me a little time and testing to make sure I have it right, though. -- --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 6 16:45: 1 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 2D59B37B479 for ; Mon, 6 Nov 2000 16:44:55 -0800 (PST) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id TAA202914; Mon, 6 Nov 2000 19:44:45 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: <20001024140510.G93799@lucifer.bart.nl> <20001024222716.B2020@lucifer.bart.nl> Date: Mon, 6 Nov 2000 19:44:44 -0500 To: Jeroen Ruigrok van der Werven , audit@FreeBSD.ORG, freebsd-print@bostonradio.org From: Garance A Drosihn Subject: Fixing mktemp() call in lpd/printjob.c (logging) Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Okay, I believe I have an update which replaces the call to mktemp with a call to mkstemp, without introducing any problems to printjob. The mktemp call was for a temporary file (in the spool directory) which was used to catch stderr output from filters. In testing this, I also noticed that this temp file was NOT copied to 'lf=' when using a filter while sending a job to a remote host (ie, rm=). The update also corrects that. I've tested this with a few dozen syslog-msgs to make sure the right things were happening with the right values at the right times. (I did remove those syslog msgs, of course... :-) So, I'm fairly confident it is doing the right thing. This does borrow some of the code Jeroen wrote in earlier attempts at this update, but moves it around and does a few other things. The update is available at: ftp://freefour.acs.rpi.edu/pub/bsdlpr/no-mktemp.diff I mention that because I'm sending the patch via Eudora on my Mac (macOS 10pb, to be precise), and I'm not quite sure how it will come out in the message. Anyway, if the following looks like garbage, then check the above URL. The copy & paste attempt: Index: lpd/printjob.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/lpr/lpd/printjob.c,v retrieving revision 1.27 diff -u -r1.27 printjob.c --- lpd/printjob.c 2000/11/06 19:36:38 1.27 +++ lpd/printjob.c 2000/11/07 00:19:58 @@ -115,7 +115,8 @@ static char logname[32]; /* user's login name */ static char pxlength[10] = "-y"; /* page length in pixels */ static char pxwidth[10] = "-x"; /* page width in pixels */ -static char tempfile[] = "errsXXXXXX"; /* file name for filter errors */ +/* tempErrsfile is the filename used to catch stderr from exec-ing filters */ +static char tempErrsfile[] = "errs.XXXXXXX"; static char width[10] = "-w"; /* page width in static characters */ #define TFILENAME "fltXXXXXX" static char tfile[] = TFILENAME; /* file name for filter output */ @@ -151,8 +152,9 @@ register struct jobqueue *q, **qp; struct jobqueue **queue; register int i, nitems; - off_t pidoff; - int errcnt, count = 0; + off_t pidoff; + int errcnt, count = 0; + int tempfd; init(pp); /* set up capabilities */ (void) write(1, "", 1); /* ack that daemon is started */ @@ -169,8 +171,6 @@ signal(SIGQUIT, abortpr); signal(SIGTERM, abortpr); - (void) mktemp(tempfile); - /* * uses short form file names */ @@ -218,6 +218,21 @@ syslog(LOG_ERR, "%s: %s: %m", pp->printer, pp->lock_file); } + + /* create a file which will be used to hold stderr from filters */ + if ((tempfd = mkstemp(tempErrsfile)) == -1) { + syslog(LOG_ERR, "%s: mkstemp(%s): %m", pp->printer, + tempErrsfile); + exit(-1); + } + if ((i = fchmod(tempfd, 0664)) == -1) { + syslog(LOG_ERR, "%s: fchmod(%s): %m", pp->printer, + tempErrsfile); + exit(-1); + } + /* lpd doesn't need it to be open, it just needs it to exist */ + close(tempfd); + openpr(pp); /* open printer or remote */ again: /* @@ -314,7 +329,7 @@ } (void) close(ofd); (void) wait(NULL); - (void) unlink(tempfile); + (void) unlink(tempErrsfile); exit(0); } goto again; @@ -489,7 +504,8 @@ continue; default: /* some file to print */ - switch (i = print(pp, line[0], line+1)) { + i = print(pp, line[0], line+1); + switch (i) { case ERROR: if (bombed == OK) bombed = FATALERR; @@ -741,7 +757,9 @@ if ((child = dofork(pp, DORETURN)) == 0) { /* child */ dup2(fi, 0); dup2(fo, 1); - n = open(tempfile, O_WRONLY|O_CREAT|O_TRUNC, 0664); + /* setup stderr for the filter (child process) + * so it goes to our temporary errors file */ + n = open(tempErrsfile, O_WRONLY|O_TRUNC, 0664); if (n >= 0) dup2(n, 2); closelog(); @@ -766,8 +784,8 @@ } pp->tof = 0; - /* Copy filter output to "lf" logfile */ - if ((fp = fopen(tempfile, "r"))) { + /* Copy the filter's output to "lf" logfile */ + if ((fp = fopen(tempErrsfile, "r"))) { while (fgets(buf, sizeof(buf), fp)) fputs(buf, stderr); fclose(fp); @@ -914,6 +932,7 @@ { register int f, i, amt; struct stat stb; + FILE *fp; char buf[BUFSIZ]; int sizerr, resp, closedpr; @@ -971,8 +990,9 @@ if ((ifilter = dofork(pp, DORETURN)) == 0) { /* child */ dup2(f, 0); dup2(tfd, 1); - n = open(tempfile, O_WRONLY|O_CREAT|O_TRUNC, - TEMP_FILE_MODE); + /* setup stderr for the filter (child process) + * so it goes to our temporary errors file */ + n = open(tempErrsfile, O_WRONLY|O_TRUNC, 0664); if (n >= 0) dup2(n, 2); closelog(); @@ -989,6 +1009,13 @@ while ((pid = wait((int *)&status)) > 0 && pid != ifilter) ; + /* Copy the filter's output to "lf" logfile */ + if ((fp = fopen(tempErrsfile, "r"))) { + while (fgets(buf, sizeof(buf), fp)) + fputs(buf, stderr); + fclose(fp); + } + /* process the return-code from the filter */ switch (status.w_retcode) { case 0: break; @@ -1303,8 +1330,8 @@ cp = "NOACCT"; break; case FILTERERR: - if (stat(tempfile, &stb) < 0 || stb.st_size == 0 || - (fp = fopen(tempfile, "r")) == NULL) { + if (stat(tempErrsfile, &stb) < 0 || stb.st_size == 0 + || (fp = fopen(tempErrsfile, "r")) == NULL) { printf("\nhad some errors and may not have printed\n"); break; } @@ -1383,7 +1410,8 @@ abortpr(signo) int signo; { - (void) unlink(tempfile); + + (void) unlink(tempErrsfile); kill(0, SIGINT); if (ofilter > 0) kill(ofilter, SIGCONT); -- --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Nov 7 7:40:57 2000 Delivered-To: freebsd-audit@freebsd.org Received: from lucifer.ninth-circle.org (lucifer.bart.nl [194.158.168.74]) by hub.freebsd.org (Postfix) with ESMTP id 25C7637B4C5 for ; Tue, 7 Nov 2000 07:40:55 -0800 (PST) Received: (from asmodai@localhost) by lucifer.ninth-circle.org (8.11.1/8.11.0) id eA7Fedl69144; Tue, 7 Nov 2000 16:40:39 +0100 (CET) (envelope-from asmodai) Date: Tue, 7 Nov 2000 16:40:39 +0100 From: Jeroen Ruigrok van der Werven To: Garance A Drosihn Cc: audit@FreeBSD.ORG, freebsd-print@bostonradio.org Subject: Re: Fixing mktemp() call in lpd/printjob.c (logging) Message-ID: <20001107164039.E68293@lucifer.bart.nl> References: <20001024140510.G93799@lucifer.bart.nl> <20001024222716.B2020@lucifer.bart.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from drosih@rpi.edu on Mon, Nov 06, 2000 at 07:44:44PM -0500 Organisation: VIA Net.Works The Netherlands Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG -On [20001107 01:45], Garance A Drosihn (drosih@rpi.edu) wrote: >-static char tempfile[] = "errsXXXXXX"; /* file name for filter errors */ >+/* tempErrsfile is the filename used to catch stderr from exec-ing filters */ >+static char tempErrsfile[] = "errs.XXXXXXX"; Well, with this variable naming you divert from the style used in the total source code. -- Jeroen Ruigrok van der Werven Network- and systemadministrator VIA Net.Works The Netherlands BSD: Technical excellence at its best http://www.via-net-works.nl That's your Destiny, the only chance, take it, take it in your hands... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Nov 7 12:12:22 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 6E15037B479 for ; Tue, 7 Nov 2000 12:12:19 -0800 (PST) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id PAA636096; Tue, 7 Nov 2000 15:12:11 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20001107164039.E68293@lucifer.bart.nl> References: <20001024140510.G93799@lucifer.bart.nl> <20001024222716.B2020@lucifer.bart.nl> <20001107164039.E68293@lucifer.bart.nl> Date: Tue, 7 Nov 2000 15:12:09 -0500 To: Jeroen Ruigrok van der Werven From: Garance A Drosihn Subject: Re: Fixing mktemp() call in lpd/printjob.c (logging) Cc: audit@FreeBSD.ORG, freebsd-print@bostonradio.org Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 4:40 PM +0100 11/7/00, Jeroen Ruigrok van der Werven wrote: >-On [20001107 01:45], Garance A Drosihn (drosih@rpi.edu) wrote: >>-static char tempfile[] = "errsXXXXXX"; /* file name for filter errors */ >>+/* tempErrsfile is the filename used to catch stderr from exec-ing >>filters */ >>+static char tempErrsfile[] = "errs.XXXXXXX"; > >Well, with this variable naming you divert from the style used in the >total source code. Well, I do want that renamed, due to other updates I plan to install as time permits. How about 'temperrsf' or maybe 'tempstderr'? Assuming no one sees some security problem with this, I'll commit the update (with a different variable name) sometime later this week. -- --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Nov 7 12:18: 8 2000 Delivered-To: freebsd-audit@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id E29FC37B479 for ; Tue, 7 Nov 2000 12:18:04 -0800 (PST) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id PAA86497; Tue, 7 Nov 2000 15:18:00 -0500 (EST) (envelope-from wollman) Date: Tue, 7 Nov 2000 15:18:00 -0500 (EST) From: Garrett Wollman Message-Id: <200011072018.PAA86497@khavrinen.lcs.mit.edu> To: Garance A Drosihn Cc: audit@FreeBSD.org, freebsd-print@bostonradio.org Subject: Fixing mktemp() call in lpd/printjob.c (logging) In-Reply-To: References: <20001024140510.G93799@lucifer.bart.nl> <20001024222716.B2020@lucifer.bart.nl> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 < said: > Okay, I believe I have an update which replaces the call to > mktemp with a call to mkstemp, without introducing any problems > to printjob. This seems to be one of those cases where the ``might be unsafe'' warning does us a disservice. Since this file is created in the spool directory, which is only writable by the spooler subsystem, mktemp() is safe here. That said, mkstemp() is a clearly superior interface. I would, however, prefer to see consistent style for variable names. - -GAWollman - -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6CGNqI+eG6b7tlG4RAlakAKCMoUU175iMyOhrgdp6NeTMgAH9fwCcCLSB 9M2bHnGmuOAHsJXnQCH4kUQ= =UG4d -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Nov 8 16: 4:40 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 6C09037B479 for ; Wed, 8 Nov 2000 16:04:37 -0800 (PST) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eA904Pg16911 for ; Wed, 8 Nov 2000 17:04:26 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id RAA34374 for ; Wed, 8 Nov 2000 17:04:25 -0700 (MST) Message-Id: <200011090004.RAA34374@harmony.village.org> To: audit@freebsd.org Subject: Please review Date: Wed, 08 Nov 2000 17:04:25 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'd like to commit the following change to -current and eventually stable. It adds the -N flag which restores the old behavior wrt null passwords. Turns out that for a lot of reasons, we need this for our products. We don't want to trust other hosts, unless the account has no password. This is different than + + in subtle ways, and the user list is going to be volatile from machine to machine and over time. Warner Index: rshd.c =================================================================== RCS file: /base/FreeBSD-tsc-4/libexec/rshd/rshd.c,v retrieving revision 1.1.1.4 diff -u -r1.1.1.4 rshd.c --- rshd.c 2000/07/28 17:54:16 1.1.1.4 +++ rshd.c 2000/11/08 23:49:21 @@ -87,6 +87,7 @@ int keepalive = 1; int log_success; /* If TRUE, log all successful accesses */ +int no_null_password = 1; int sent_null; int no_delay; #ifdef CRYPT @@ -117,7 +118,7 @@ extern int auth_pam __P((char *)); #endif -#define OPTIONS "alnDL" +#define OPTIONS "alnDLN" int main(argc, argv) @@ -154,6 +155,9 @@ case 'L': log_success = 1; break; + case 'N': + no_null_password = 0; + break; case '?': default: usage(); @@ -399,8 +403,10 @@ if (errorstr || (pwd->pw_expire && time(NULL) >= pwd->pw_expire) || - iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0, - remuser, locuser) < 0) { + ((no_null_password || + (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0')) && + iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0, + remuser, locuser) < 0)) { if (__rcmd_errstr) syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: permission denied (%s). cmd='%.80s'", To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Nov 10 5:25:53 2000 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id B688137B4C5 for ; Fri, 10 Nov 2000 05:25:51 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id IAA60850; Fri, 10 Nov 2000 08:24:34 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Fri, 10 Nov 2000 08:24:34 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Kris Kennaway Cc: audit@freebsd.org Subject: Re: mktemp() patch, again In-Reply-To: <20001104145247.A9161@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I used to accept the idea of using varying case to increase the randomness space. In light of Mac OS X's case-preserving but case-insensitive file system, I think it would be wiser not to rely on case-independence. That said, I think the current patches are safe against that, since the file system takes care of the magic and informs you if you get a collision in the same way it does for a case-sensitive collision (O_EXCL), it just means that the effective string length still needs to be longer. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Nov 10 5:27:50 2000 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 8596D37B4E5 for ; Fri, 10 Nov 2000 05:27:48 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id IAA60892; Fri, 10 Nov 2000 08:27:39 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Fri, 10 Nov 2000 08:27:39 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Warner Losh Cc: audit@freebsd.org Subject: Re: Please review In-Reply-To: <200011090004.RAA34374@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Is there any way we could make the enabling of null passwords an account class property and not a property of passwd? In SSH, the acceptance of null passwords is similarly an sshd property, and should be an account property via classes. While I recognize that you probably don't have room for a full login.conf, there is presumably a way to make the default policy without a policy file do the right thing. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 1:31:33 2000 Delivered-To: freebsd-audit@freebsd.org Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141]) by hub.freebsd.org (Postfix) with ESMTP id 36AF837B4C5; Sat, 11 Nov 2000 01:31:29 -0800 (PST) Received: from nwl.fw.uunet.co.za ([196.31.2.162]) by lists01.iafrica.com with esmtp (Exim 3.12 #2) id 13uX0G-0000S5-00; Sat, 11 Nov 2000 11:31:16 +0200 Received: (from nobody@localhost) by nwl.fw.uunet.co.za (8.8.8/8.6.9) id LAA11258; Sat, 11 Nov 2000 11:31:24 +0200 (SAST) Received: by nwl.fw.uunet.co.za via recvmail id 11229; Sat Nov 11 11:30:33 2000 Received: from sheldonh (helo=axl.fw.uunet.co.za) by axl.fw.uunet.co.za with local-esmtp (Exim 3.16 #1) id 13uWzZ-0007FV-00; Sat, 11 Nov 2000 11:30:33 +0200 From: Sheldon Hearn To: Robert Watson Cc: Kris Kennaway , audit@freebsd.org Subject: Re: mktemp() patch, again In-reply-to: Your message of "Fri, 10 Nov 2000 08:24:34 EST." Date: Sat, 11 Nov 2000 11:30:33 +0200 Message-ID: <27868.973935033@axl.fw.uunet.co.za> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 10 Nov 2000 08:24:34 EST, Robert Watson wrote: > I used to accept the idea of using varying case to increase the randomness > space. In light of Mac OS X's case-preserving but case-insensitive file > system, I think it would be wiser not to rely on case-independence. I don't think that POSIX.1 specifies any knob that indicates case sensitivity in the filesystem, but it'd probably be okay for BSD code to rely on some BSD conditional. That would make it easy for the Darwin folks (and others) to control the behaviour. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 5:56:58 2000 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 68F5337B479 for ; Sat, 11 Nov 2000 05:56:51 -0800 (PST) Received: from earth.causticlabs.com (oca-pm3-1-36.hitter.net [207.192.76.36]) by peitho.fxp.org (Postfix) with ESMTP id B4FA21360E for ; Sat, 11 Nov 2000 08:56:53 -0500 (EST) Received: by earth.causticlabs.com (Postfix, from userid 1000) id 246C97C93; Sat, 11 Nov 2000 08:56:45 -0500 (EST) Date: Sat, 11 Nov 2000 08:56:45 -0500 From: Chris Faulhaber To: freebsd-audit@FreeBSD.org Subject: crunchgen(1) patch Message-ID: <20001111085645.A77992@earth.causticlabs.com> Mail-Followup-To: Chris Faulhaber , freebsd-audit@FreeBSD.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="2/5bycvrmDh4d1IB" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --2/5bycvrmDh4d1IB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Attached is a patch to src/usr.sbin/crunch/crunchgen/crunchgen.c to do the following: 1) replace mktemp() usage with mkstemp() 2) allocate [MAXPATHLEN + 1] to ensure MAXPATHLEN and '\0' 3) strcpy() -> strlcpy() 4) sprintf() -> snprintf() My orignal intention was to fix mktemp(3) usage; however, I could not resist fixing the strcpy(3)'s and sprintf(3)'s also. Note that the 'sprintf(line, ...' lines were probably ok (unless MAXPATHLEN approaches MAXLINELEN), but I figured better safe than otherwise. -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --2/5bycvrmDh4d1IB Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="crunchgen.c.diff" Index: crunchgen.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/crunch/crunchgen/crunchgen.c,v retrieving revision 1.15 diff -u -r1.15 crunchgen.c --- crunchgen.c 2000/11/10 15:21:37 1.15 +++ crunchgen.c 2000/11/11 13:32:52 @@ -83,10 +83,12 @@ char line[MAXLINELEN]; -char confname[MAXPATHLEN], infilename[MAXPATHLEN]; -char outmkname[MAXPATHLEN], outcfname[MAXPATHLEN], execfname[MAXPATHLEN]; -char tempfname[MAXPATHLEN], cachename[MAXPATHLEN], curfilename[MAXPATHLEN]; -char outhdrname[MAXPATHLEN] ; /* user-supplied header for *.mk */ +char confname[MAXPATHLEN + 1], infilename[MAXPATHLEN + 1]; +char outmkname[MAXPATHLEN + 1], outcfname[MAXPATHLEN + 1]; +char execfname[MAXPATHLEN + 1]; +char tempfname[MAXPATHLEN + 1], cachename[MAXPATHLEN + 1]; +char curfilename[MAXPATHLEN + 1]; +char outhdrname[MAXPATHLEN + 1] ; /* user-supplied header for *.mk */ int linenum = -1; int goterror = 0; @@ -126,10 +128,26 @@ case 'o': makeobj = 1; break; case 'q': verbose = 0; break; - case 'm': strcpy(outmkname, optarg); break; - case 'h': strcpy(outhdrname, optarg); break; - case 'c': strcpy(outcfname, optarg); break; - case 'e': strcpy(execfname, optarg); break; + case 'm': + if (strlcpy(outmkname, optarg, sizeof(outmkname)) >= + sizeof(outmkname)) + usage(); + break; + case 'h': + if (strlcpy(outhdrname, optarg, sizeof(outhdrname)) >= + sizeof(outmkname)) + usage(); + break; + case 'c': + if (strlcpy(outcfname, optarg, sizeof(outcfname)) >= + sizeof(outmkname)) + usage(); + break; + case 'e': + if (strlcpy(execfname, optarg, sizeof(execfname)) >= + sizeof(outmkname)) + usage(); + break; case 'l': list_mode++; verbose = 0; break; case '?': @@ -146,24 +164,21 @@ * generate filenames */ - strcpy(infilename, argv[0]); + if (strlcpy(infilename, argv[0], sizeof(infilename)) >= sizeof(outmkname)) + usage(); /* confname = `basename infilename .conf` */ - if((p=strrchr(infilename, '/')) != NULL) strcpy(confname, p+1); - else strcpy(confname, infilename); + if((p=strrchr(infilename, '/')) != NULL) strlcpy(confname, p+1, sizeof(confname)); + else strlcpy(confname, infilename, sizeof(confname)); if((p=strrchr(confname, '.')) != NULL && !strcmp(p, ".conf")) *p = '\0'; - if(!*outmkname) sprintf(outmkname, "%s.mk", confname); - if(!*outcfname) sprintf(outcfname, "%s.c", confname); - if(!*execfname) sprintf(execfname, "%s", confname); - - sprintf(cachename, "%s.cache", confname); - sprintf(tempfname, ".tmp_%sXXXXXX", confname); - if(mktemp(tempfname) == NULL) { - perror(tempfname); - exit(1); - } + if(!*outmkname) snprintf(outmkname, sizeof(outmkname), "%s.mk", confname); + if(!*outcfname) snprintf(outcfname, sizeof(outcfname), "%s.c", confname); + if(!*execfname) snprintf(execfname, sizeof(execfname), "%s", confname); + + snprintf(cachename, sizeof(cachename), "%s.cache", confname); + snprintf(tempfname, sizeof(tempfname), ".tmp_%sXXXXXX", confname); parse_conf_file(); if (list_mode) @@ -223,9 +238,9 @@ void (*f)(int c, char **v); FILE *cf; - sprintf(line, "reading %s", filename); + snprintf(line, sizeof(line), "reading %s", filename); status(line); - strcpy(curfilename, filename); + strlcpy(curfilename, filename, sizeof(curfilename)); if((cf = fopen(curfilename, "r")) == NULL) { warn("%s", curfilename); @@ -492,11 +507,11 @@ */ void fillin_program(prog_t *p) { - char path[MAXPATHLEN]; + char path[MAXPATHLEN + 1]; char *srcparent; strlst_t *s; - sprintf(line, "filling in parms for %s", p->name); + snprintf(line, sizeof(line), "filling in parms for %s", p->name); status(line); if(!p->ident) @@ -504,14 +519,14 @@ if(!p->srcdir) { srcparent = dir_search(p->name); if(srcparent) - sprintf(path, "%s/%s", srcparent, p->name); + snprintf(path, sizeof(path), "%s/%s", srcparent, p->name); if(is_dir(path)) p->srcdir = strdup(path); } if(!p->objdir && p->srcdir) { FILE *f; - sprintf(path, "cd %s && echo -n /usr/obj`/bin/pwd`", p->srcdir); + snprintf(path, sizeof(path), "cd %s && echo -n /usr/obj`/bin/pwd`", p->srcdir); p->objdir = p->srcdir; f = popen(path,"r"); if (f) { @@ -526,18 +541,18 @@ * XXX look for a Makefile.{name} in local directory first. * This lets us override the original Makefile. */ - sprintf(path, "Makefile.%s", p->name); + snprintf(path, sizeof(path), "Makefile.%s", p->name); if (is_nonempty_file(path)) { - sprintf(line, "Using %s for %s", path, p->name); + snprintf(line, sizeof(path), "Using %s for %s", path, p->name); status(line); } else - if(p->srcdir) sprintf(path, "%s/Makefile", p->srcdir); + if(p->srcdir) snprintf(path, sizeof(path), "%s/Makefile", p->srcdir); if(!p->objs && p->srcdir && is_nonempty_file(path)) fillin_program_objs(p, path); if(!p->objpaths && p->objdir && p->objs) for(s = p->objs; s != NULL; s = s->next) { - sprintf(line, "%s/%s", p->objdir, s->str); + snprintf(line, sizeof(line), "%s/%s", p->objdir, s->str); add_string(&p->objpaths, line); } @@ -558,14 +573,18 @@ void fillin_program_objs(prog_t *p, char *path) { char *obj, *cp; - int rc; + int fd, rc; FILE *f; char *objvar="OBJS"; strlst_t *s; /* discover the objs from the srcdir Makefile */ - if((f = fopen(tempfname, "w")) == NULL) { + if((fd = mkstemp(tempfname)) == -1) { + perror(tempfname); + exit(1); + } + if((f = fdopen(fd, "w")) == NULL) { warn("%s", tempfname); goterror = 1; return; @@ -592,7 +611,7 @@ fclose(f); - sprintf(line, "make -f %s crunchgen_objs 2>&1", tempfname); + snprintf(line, sizeof(line), "make -f %s crunchgen_objs 2>&1", tempfname); if((f = popen(line, "r")) == NULL) { warn("submake pipe"); goterror = 1; @@ -646,7 +665,7 @@ FILE *cachef; prog_t *p; - sprintf(line, "generating %s", cachename); + snprintf(line, sizeof(line), "generating %s", cachename); status(line); if((cachef = fopen(cachename, "w")) == NULL) { @@ -680,7 +699,7 @@ prog_t *p; FILE *outmk; - sprintf(line, "generating %s", outmkname); + snprintf(line, sizeof(line), "generating %s", outmkname); status(line); if((outmk = fopen(outmkname, "w")) == NULL) { @@ -712,7 +731,7 @@ prog_t *p; strlst_t *s; - sprintf(line, "generating %s", outcfname); + snprintf(line, sizeof(line), "generating %s", outcfname); status(line); if((outcf = fopen(outcfname, "w")) == NULL) { @@ -770,11 +789,11 @@ char *dir_search(char *progname) { - char path[MAXPATHLEN]; + char path[MAXPATHLEN + 1]; strlst_t *dir; for(dir=srcdirs; dir != NULL; dir=dir->next) { - sprintf(path, "%s/%s", dir->str, progname); + snprintf(path, sizeof(path), "%s/%s", dir->str, progname); if(is_dir(path)) return dir->str; } return NULL; --2/5bycvrmDh4d1IB-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 8:14:21 2000 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 5ED3D37B479 for ; Sat, 11 Nov 2000 08:14:14 -0800 (PST) Received: from earth.causticlabs.com (oca-pm3-3-146.hitter.net [207.192.76.146]) by peitho.fxp.org (Postfix) with ESMTP id 5A9A61360E for ; Sat, 11 Nov 2000 11:14:18 -0500 (EST) Received: by earth.causticlabs.com (Postfix, from userid 1000) id 2221A7C93; Sat, 11 Nov 2000 11:14:09 -0500 (EST) Date: Sat, 11 Nov 2000 11:14:08 -0500 From: Chris Faulhaber To: freebsd-audit@FreeBSD.org Subject: config(8) patch Message-ID: <20001111111408.A28197@earth.causticlabs.com> Mail-Followup-To: Chris Faulhaber , freebsd-audit@FreeBSD.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="cWoXeonUoKmBZSoM" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline The attached diff for config(8) fixes the following: 1) numerous places where the return value of malloc(2) is not checked 2) allocate [MAXPATHLEN + 1] to ensure room for MAXPATHLEN and '\0' 3) use strlcpy(3) instead of strcpy(3), especially when copying from the command line (optarg) 4) correct usage(s) of strcpy(3)/strcat(3) combination by using snprintf(3) 5) change mkdir(2) mode from 0777 to 0755 -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --cWoXeonUoKmBZSoM Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="config.diff" Index: config.y =================================================================== RCS file: /home/ncvs/src/usr.sbin/config/config.y,v retrieving revision 1.46 diff -u -r1.46 config.y --- config.y 2000/10/14 08:33:19 1.46 +++ config.y 2000/11/11 16:05:21 @@ -131,6 +131,8 @@ = { struct cputype *cp = (struct cputype *)malloc(sizeof (struct cputype)); + if (!cp) + err(1, "malloc failed"); memset(cp, 0, sizeof(*cp)); cp->cpu_name = $2; cp->cpu_next = cputype; @@ -165,6 +167,8 @@ Save_id = { struct opt *op = (struct opt *)malloc(sizeof (struct opt)); + if (!op) + err(1, "malloc failed"); memset(op, 0, sizeof(*op)); op->op_name = ns("KERNEL"); op->op_ownfile = 0; @@ -190,6 +194,8 @@ = { struct opt *op = (struct opt *)malloc(sizeof (struct opt)); char *s; + if (!op) + err(1, "malloc failed"); memset(op, 0, sizeof(*op)); op->op_name = $1; op->op_next = opt; @@ -209,6 +215,8 @@ Save_id EQUALS Opt_value = { struct opt *op = (struct opt *)malloc(sizeof (struct opt)); + if (!op) + err(1, "malloc failed"); memset(op, 0, sizeof(*op)); op->op_name = $1; op->op_next = opt; @@ -243,6 +251,8 @@ Save_id EQUALS Opt_value = { struct opt *op = (struct opt *)malloc(sizeof (struct opt)); + if (!op) + err(1, "malloc failed"); memset(op, 0, sizeof(*op)); op->op_name = $1; op->op_ownfile = 0; /* for now */ @@ -291,6 +301,8 @@ struct device *np; np = (struct device *) malloc(sizeof *np); + if (!np) + err(1, "malloc failed"); memset(np, 0, sizeof(*np)); *np = *dp; np->d_name = dp->d_name; Index: main.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/config/main.c,v retrieving revision 1.40 diff -u -r1.40 main.c --- main.c 2000/09/29 13:30:24 1.40 +++ main.c 2000/11/11 16:06:41 @@ -69,8 +69,8 @@ #define CDIR "../../compile/" char * PREFIX; -char destdir[MAXPATHLEN]; -char srcdir[MAXPATHLEN]; +char destdir[MAXPATHLEN + 1]; +char srcdir[MAXPATHLEN + 1]; static int no_config_clobber = TRUE; int debugging; @@ -96,7 +96,7 @@ switch (ch) { case 'd': if (*destdir == '\0') - strcpy(destdir, optarg); + strlcpy(destdir, optarg, sizeof(destdir)); else errx(2, "directory already set"); break; @@ -133,13 +133,12 @@ destdir[--len] = '\0'; get_srcdir(); } else { - strcpy(destdir, CDIR); - strcat(destdir, PREFIX); + snprintf(destdir, sizeof(destdir), "%s%s", CDIR, PREFIX); } p = path((char *)NULL); if (stat(p, &buf)) { - if (mkdir(p, 0777)) + if (mkdir(p, 0755)) err(2, "%s", p); } else if ((buf.st_mode & S_IFMT) != S_IFDIR) { @@ -156,7 +155,7 @@ err(2, "%s", tmp); } fprintf(stderr, "Done.\n"); - if (mkdir(p, 0777)) + if (mkdir(p, 0755)) err(2, "%s", p); } @@ -346,6 +345,8 @@ char *cp; cp = malloc((size_t)(strlen(destdir) + (file ? strlen(file) : 0) + 2)); + if (!cp) + err(1, "malloc failed"); (void) strcpy(cp, destdir); if (file) { (void) strcat(cp, "/"); Index: mkheaders.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/config/mkheaders.c,v retrieving revision 1.16 diff -u -r1.16 mkheaders.c --- mkheaders.c 2000/06/13 22:28:41 1.16 +++ mkheaders.c 2000/11/11 16:05:22 @@ -147,6 +147,8 @@ if (cp == (char *)EOF) break; fl = (struct file_list *) malloc(sizeof *fl); + if (!fl) + err(1, "malloc failed"); bzero(fl, sizeof(*fl)); fl->f_fn = inw; /* malloced */ fl->f_type = inc; @@ -164,6 +166,8 @@ } if (oldcount == -1) { fl = (struct file_list *) malloc(sizeof *fl); + if (!fl) + err(1, "malloc failed"); bzero(fl, sizeof(*fl)); fl->f_fn = ns(name); fl->f_type = count; @@ -191,8 +195,7 @@ { static char hbuf[80]; - (void) strcpy(hbuf, path(dev)); - (void) strcat(hbuf, ".h"); + snprintf(hbuf, sizeof(hbuf), "%s.h", path(dev)); return (hbuf); } Index: mkmakefile.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/config/mkmakefile.c,v retrieving revision 1.55 diff -u -r1.55 mkmakefile.c --- mkmakefile.c 2000/08/25 19:30:03 1.55 +++ mkmakefile.c 2000/11/11 16:05:22 @@ -120,6 +120,8 @@ struct file_list *fp; fp = (struct file_list *) malloc(sizeof *fp); + if (!fp) + err(1, "malloc failed"); bzero(fp, sizeof *fp); if (fcur == 0) fcur = ftab = fp; @@ -494,6 +496,8 @@ } if (std) { dp = (struct device *) malloc(sizeof *dp); + if (!dp) + err(1, "malloc failed"); bzero(dp, sizeof *dp); dp->d_type = DEVICE; dp->d_name = ns(wd); Index: mkoptions.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/config/mkoptions.c,v retrieving revision 1.20 diff -u -r1.20 mkoptions.c --- mkoptions.c 2000/09/29 13:30:24 1.20 +++ mkoptions.c 2000/11/11 16:05:22 @@ -80,6 +80,8 @@ /* Fake the cpu types as options. */ for (cp = cputype; cp != NULL; cp = cp->cpu_next) { op = (struct opt *)malloc(sizeof(*op)); + if (!op) + err(1, "malloc failed"); memset(op, 0, sizeof(*op)); op->op_name = ns(cp->cpu_name); op->op_next = opt; @@ -103,6 +105,8 @@ /* Fake MAXUSERS as an option. */ op = (struct opt *)malloc(sizeof(*op)); + if (!op) + err(1, "malloc failed"); memset(op, 0, sizeof(*op)); op->op_name = "MAXUSERS"; snprintf(buf, sizeof(buf), "%d", maxusers); @@ -217,6 +221,8 @@ tidy++; } else { op = (struct opt *) malloc(sizeof *op); + if (!op) + err(1, "malloc failed"); bzero(op, sizeof(*op)); op->op_name = inw; op->op_value = invalue; @@ -244,6 +250,8 @@ if (value && !seen) { /* New option appears */ op = (struct opt *) malloc(sizeof *op); + if (!op) + err(1, "malloc failed"); bzero(op, sizeof(*op)); op->op_name = ns(name); op->op_value = value ? ns(value) : NULL; @@ -367,6 +375,8 @@ } po = (struct opt_list *) malloc(sizeof *po); + if (!po) + err(1, "malloc failed"); bzero(po, sizeof(*po)); po->o_name = this; po->o_file = val; --cWoXeonUoKmBZSoM-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 10:55:52 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 8893E37B4CF; Sat, 11 Nov 2000 10:55:50 -0800 (PST) Received: from billy-club.village.org (billy-club.village.org [10.0.0.3]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eABItng32162; Sat, 11 Nov 2000 11:55:49 -0700 (MST) (envelope-from imp@billy-club.village.org) Received: from billy-club.village.org (localhost [127.0.0.1]) by billy-club.village.org (8.11.1/8.8.3) with ESMTP id eABIv1G31635; Sat, 11 Nov 2000 11:57:01 -0700 (MST) Message-Id: <200011111857.eABIv1G31635@billy-club.village.org> To: Sheldon Hearn Subject: Re: mktemp() patch, again Cc: Robert Watson , Kris Kennaway , audit@FreeBSD.ORG In-reply-to: Your message of "Sat, 11 Nov 2000 11:30:33 +0200." <27868.973935033@axl.fw.uunet.co.za> References: <27868.973935033@axl.fw.uunet.co.za> Date: Sat, 11 Nov 2000 11:57:00 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <27868.973935033@axl.fw.uunet.co.za> Sheldon Hearn writes: : > I used to accept the idea of using varying case to increase the randomness : > space. In light of Mac OS X's case-preserving but case-insensitive file : > system, I think it would be wiser not to rely on case-independence. : : I don't think that POSIX.1 specifies any knob that indicates case : sensitivity in the filesystem, but it'd probably be okay for BSD code to : rely on some BSD conditional. That would make it easy for the Darwin : folks (and others) to control the behaviour. Actually I think that it is ok to use the larger random space. Since we still to collision detection, it will still be safe. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 11: 2:54 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 19A9037B479 for ; Sat, 11 Nov 2000 11:02:53 -0800 (PST) Received: from billy-club.village.org (billy-club.village.org [10.0.0.3]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eABJ2ng32203; Sat, 11 Nov 2000 12:02:49 -0700 (MST) (envelope-from imp@billy-club.village.org) Received: from billy-club.village.org (localhost [127.0.0.1]) by billy-club.village.org (8.11.1/8.8.3) with ESMTP id eABJ41G31684; Sat, 11 Nov 2000 12:04:01 -0700 (MST) Message-Id: <200011111904.eABJ41G31684@billy-club.village.org> To: Chris Faulhaber Subject: Re: config(8) patch Cc: freebsd-audit@FreeBSD.ORG In-reply-to: Your message of "Sat, 11 Nov 2000 11:14:08 EST." <20001111111408.A28197@earth.causticlabs.com> References: <20001111111408.A28197@earth.causticlabs.com> Date: Sat, 11 Nov 2000 12:04:01 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <20001111111408.A28197@earth.causticlabs.com> Chris Faulhaber writes: : 2) allocate [MAXPATHLEN + 1] to ensure room for MAXPATHLEN and '\0' MAXPATHLEN includes the trailing NUL. At least that's what my brain is telling me bde told me after proposing similar changes to another part of the tree years ago. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 11: 7:53 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 6EB6737B479 for ; Sat, 11 Nov 2000 11:07:51 -0800 (PST) Received: from billy-club.village.org (billy-club.village.org [10.0.0.3]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eABJ7ng32230; Sat, 11 Nov 2000 12:07:50 -0700 (MST) (envelope-from imp@billy-club.village.org) Received: from billy-club.village.org (localhost [127.0.0.1]) by billy-club.village.org (8.11.1/8.8.3) with ESMTP id eABJ91G31777; Sat, 11 Nov 2000 12:09:02 -0700 (MST) Message-Id: <200011111909.eABJ91G31777@billy-club.village.org> Subject: Re: config(8) patch Cc: Chris Faulhaber , freebsd-audit@FreeBSD.ORG In-reply-to: Your message of "Sat, 11 Nov 2000 12:04:01 MST." <200011111904.eABJ41G31684@billy-club.village.org> References: <200011111904.eABJ41G31684@billy-club.village.org> <20001111111408.A28197@earth.causticlabs.com> Date: Sat, 11 Nov 2000 12:09:01 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200011111904.eABJ41G31684@billy-club.village.org> Warner Losh writes: : In message <20001111111408.A28197@earth.causticlabs.com> Chris Faulhaber writes: : : 2) allocate [MAXPATHLEN + 1] to ensure room for MAXPATHLEN and '\0' : : MAXPATHLEN includes the trailing NUL. At least that's what my brain : is telling me bde told me after proposing similar changes to another : part of the tree years ago. Looking at intro(2), we see: 63 ENAMETOOLONG File name too long. A component of a path name exceeded 255 (MAXNAMELEN) characters, or an entire path name exceeded 1023 (MAXPATHLEN-1) characters. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 11: 8:16 2000 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 1397337B479 for ; Sat, 11 Nov 2000 11:08:15 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id 2B6351360E; Sat, 11 Nov 2000 14:08:12 -0500 (EST) Date: Sat, 11 Nov 2000 14:08:11 -0500 From: Chris Faulhaber To: Warner Losh Cc: Chris Faulhaber , freebsd-audit@FreeBSD.ORG Subject: Re: config(8) patch Message-ID: <20001111140811.A6972@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , Warner Losh , freebsd-audit@FreeBSD.ORG References: <20001111111408.A28197@earth.causticlabs.com> <200011111904.eABJ41G31684@billy-club.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011111904.eABJ41G31684@billy-club.village.org>; from imp@village.org on Sat, Nov 11, 2000 at 12:04:01PM -0700 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Nov 11, 2000 at 12:04:01PM -0700, Warner Losh wrote: > In message <20001111111408.A28197@earth.causticlabs.com> Chris Faulhaber writes: > : 2) allocate [MAXPATHLEN + 1] to ensure room for MAXPATHLEN and '\0' > > MAXPATHLEN includes the trailing NUL. At least that's what my brain > is telling me bde told me after proposing similar changes to another > part of the tree years ago. > After re-reading /usr/include/sys/param.h, I agree. Nix those lines... -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 11:15:34 2000 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 9C94237B479 for ; Sat, 11 Nov 2000 11:15:32 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1000) id 622E41360E; Sat, 11 Nov 2000 14:15:32 -0500 (EST) Date: Sat, 11 Nov 2000 14:15:32 -0500 From: Chris Faulhaber To: Warner Losh Cc: freebsd-audit@FreeBSD.ORG Subject: Re: config(8) patch Message-ID: <20001111141532.A8166@peitho.fxp.org> Mail-Followup-To: Chris Faulhaber , Warner Losh , freebsd-audit@FreeBSD.ORG References: <200011111904.eABJ41G31684@billy-club.village.org> <20001111111408.A28197@earth.causticlabs.com> <200011111904.eABJ41G31684@billy-club.village.org> <200011111909.eABJ91G31777@billy-club.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011111909.eABJ91G31777@billy-club.village.org>; from imp@village.org on Sat, Nov 11, 2000 at 12:09:01PM -0700 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Nov 11, 2000 at 12:09:01PM -0700, Warner Losh wrote: > In message <200011111904.eABJ41G31684@billy-club.village.org> Warner Losh writes: > : In message <20001111111408.A28197@earth.causticlabs.com> Chris Faulhaber writes: > : : 2) allocate [MAXPATHLEN + 1] to ensure room for MAXPATHLEN and '\0' > : > : MAXPATHLEN includes the trailing NUL. At least that's what my brain > : is telling me bde told me after proposing similar changes to another > : part of the tree years ago. > > Looking at intro(2), we see: > > 63 ENAMETOOLONG File name too long. A component of a path name exceeded > 255 (MAXNAMELEN) characters, or an entire path name exceeded 1023 > (MAXPATHLEN-1) characters. > As a side note, there are a few programs in the tree that use MAXPATHLEN + 1 (I think newsyslog.c confused me :). -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 11:59:27 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 784B737B4C5 for ; Sat, 11 Nov 2000 11:59:21 -0800 (PST) Received: from billy-club.village.org (billy-club.village.org [10.0.0.3]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eABJxKg32314; Sat, 11 Nov 2000 12:59:20 -0700 (MST) (envelope-from imp@billy-club.village.org) Received: from billy-club.village.org (localhost [127.0.0.1]) by billy-club.village.org (8.11.1/8.8.3) with ESMTP id eABK0WG31933; Sat, 11 Nov 2000 13:00:32 -0700 (MST) Message-Id: <200011112000.eABK0WG31933@billy-club.village.org> To: Chris Faulhaber Subject: Re: config(8) patch Cc: freebsd-audit@FreeBSD.ORG In-reply-to: Your message of "Sat, 11 Nov 2000 14:15:32 EST." <20001111141532.A8166@peitho.fxp.org> References: <20001111141532.A8166@peitho.fxp.org> <200011111904.eABJ41G31684@billy-club.village.org> <20001111111408.A28197@earth.causticlabs.com> <200011111904.eABJ41G31684@billy-club.village.org> <200011111909.eABJ91G31777@billy-club.village.org> Date: Sat, 11 Nov 2000 13:00:32 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <20001111141532.A8166@peitho.fxp.org> Chris Faulhaber writes: : As a side note, there are a few programs in the tree that use MAXPATHLEN + 1 : (I think newsyslog.c confused me :). We should fix those, unless they have a specific reason for doing that. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 12:40:24 2000 Delivered-To: freebsd-audit@freebsd.org Received: from genius.systems.pavilion.net (genesis.tao.org.uk [194.242.131.254]) by hub.freebsd.org (Postfix) with ESMTP id 52B8B37B479 for ; Sat, 11 Nov 2000 12:40:16 -0800 (PST) Received: by genius.systems.pavilion.net (Postfix, from userid 100) id 3206D9B2D; Sat, 11 Nov 2000 20:43:43 +0000 (GMT) Date: Sat, 11 Nov 2000 20:43:43 +0000 From: Josef Karthauser To: Chris Faulhaber Cc: freebsd-audit@FreeBSD.ORG Subject: Re: crunchgen(1) patch Message-ID: <20001111204343.B17219@pavilion.net> References: <20001111085645.A77992@earth.causticlabs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001111085645.A77992@earth.causticlabs.com>; from jedgar@fxp.org on Sat, Nov 11, 2000 at 08:56:45AM -0500 X-NCC-RegID: uk.pavilion Organisation: Pavilion Internet plc, Lees House, 21-23 Dyke Road, Brighton, England Phone: +44-845-333-5000 Fax: +44-845-333-5001 Mobile: +44-403-596893 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Cool. I'll review and commit this as time permits. (Seeing as I'm hacking crunchgen at the moment.) [But don't let that stop anyone else if they have a burning inclination]. Joe On Sat, Nov 11, 2000 at 08:56:45AM -0500, Chris Faulhaber wrote: > Attached is a patch to src/usr.sbin/crunch/crunchgen/crunchgen.c to > do the following: > > 1) replace mktemp() usage with mkstemp() > 2) allocate [MAXPATHLEN + 1] to ensure MAXPATHLEN and '\0' > 3) strcpy() -> strlcpy() > 4) sprintf() -> snprintf() > > My orignal intention was to fix mktemp(3) usage; however, I could not > resist fixing the strcpy(3)'s and sprintf(3)'s also. Note that the > 'sprintf(line, ...' lines were probably ok (unless MAXPATHLEN approaches > MAXLINELEN), but I figured better safe than otherwise. > > -- > Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org > -------------------------------------------------------- > FreeBSD: The Power To Serve - http://www.FreeBSD.org > Index: crunchgen.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/crunch/crunchgen/crunchgen.c,v > retrieving revision 1.15 > diff -u -r1.15 crunchgen.c > --- crunchgen.c 2000/11/10 15:21:37 1.15 > +++ crunchgen.c 2000/11/11 13:32:52 > @@ -83,10 +83,12 @@ > > char line[MAXLINELEN]; > > -char confname[MAXPATHLEN], infilename[MAXPATHLEN]; > -char outmkname[MAXPATHLEN], outcfname[MAXPATHLEN], execfname[MAXPATHLEN]; > -char tempfname[MAXPATHLEN], cachename[MAXPATHLEN], curfilename[MAXPATHLEN]; > -char outhdrname[MAXPATHLEN] ; /* user-supplied header for *.mk */ > +char confname[MAXPATHLEN + 1], infilename[MAXPATHLEN + 1]; > +char outmkname[MAXPATHLEN + 1], outcfname[MAXPATHLEN + 1]; > +char execfname[MAXPATHLEN + 1]; > +char tempfname[MAXPATHLEN + 1], cachename[MAXPATHLEN + 1]; > +char curfilename[MAXPATHLEN + 1]; > +char outhdrname[MAXPATHLEN + 1] ; /* user-supplied header for *.mk */ > int linenum = -1; > int goterror = 0; > > @@ -126,10 +128,26 @@ > case 'o': makeobj = 1; break; > case 'q': verbose = 0; break; > > - case 'm': strcpy(outmkname, optarg); break; > - case 'h': strcpy(outhdrname, optarg); break; > - case 'c': strcpy(outcfname, optarg); break; > - case 'e': strcpy(execfname, optarg); break; > + case 'm': > + if (strlcpy(outmkname, optarg, sizeof(outmkname)) >= > + sizeof(outmkname)) > + usage(); > + break; > + case 'h': > + if (strlcpy(outhdrname, optarg, sizeof(outhdrname)) >= > + sizeof(outmkname)) > + usage(); > + break; > + case 'c': > + if (strlcpy(outcfname, optarg, sizeof(outcfname)) >= > + sizeof(outmkname)) > + usage(); > + break; > + case 'e': > + if (strlcpy(execfname, optarg, sizeof(execfname)) >= > + sizeof(outmkname)) > + usage(); > + break; > case 'l': list_mode++; verbose = 0; break; > > case '?': > @@ -146,24 +164,21 @@ > * generate filenames > */ > > - strcpy(infilename, argv[0]); > + if (strlcpy(infilename, argv[0], sizeof(infilename)) >= sizeof(outmkname)) > + usage(); > > /* confname = `basename infilename .conf` */ > > - if((p=strrchr(infilename, '/')) != NULL) strcpy(confname, p+1); > - else strcpy(confname, infilename); > + if((p=strrchr(infilename, '/')) != NULL) strlcpy(confname, p+1, sizeof(confname)); > + else strlcpy(confname, infilename, sizeof(confname)); > if((p=strrchr(confname, '.')) != NULL && !strcmp(p, ".conf")) *p = '\0'; > > - if(!*outmkname) sprintf(outmkname, "%s.mk", confname); > - if(!*outcfname) sprintf(outcfname, "%s.c", confname); > - if(!*execfname) sprintf(execfname, "%s", confname); > - > - sprintf(cachename, "%s.cache", confname); > - sprintf(tempfname, ".tmp_%sXXXXXX", confname); > - if(mktemp(tempfname) == NULL) { > - perror(tempfname); > - exit(1); > - } > + if(!*outmkname) snprintf(outmkname, sizeof(outmkname), "%s.mk", confname); > + if(!*outcfname) snprintf(outcfname, sizeof(outcfname), "%s.c", confname); > + if(!*execfname) snprintf(execfname, sizeof(execfname), "%s", confname); > + > + snprintf(cachename, sizeof(cachename), "%s.cache", confname); > + snprintf(tempfname, sizeof(tempfname), ".tmp_%sXXXXXX", confname); > > parse_conf_file(); > if (list_mode) > @@ -223,9 +238,9 @@ > void (*f)(int c, char **v); > FILE *cf; > > - sprintf(line, "reading %s", filename); > + snprintf(line, sizeof(line), "reading %s", filename); > status(line); > - strcpy(curfilename, filename); > + strlcpy(curfilename, filename, sizeof(curfilename)); > > if((cf = fopen(curfilename, "r")) == NULL) { > warn("%s", curfilename); > @@ -492,11 +507,11 @@ > */ > void fillin_program(prog_t *p) > { > - char path[MAXPATHLEN]; > + char path[MAXPATHLEN + 1]; > char *srcparent; > strlst_t *s; > > - sprintf(line, "filling in parms for %s", p->name); > + snprintf(line, sizeof(line), "filling in parms for %s", p->name); > status(line); > > if(!p->ident) > @@ -504,14 +519,14 @@ > if(!p->srcdir) { > srcparent = dir_search(p->name); > if(srcparent) > - sprintf(path, "%s/%s", srcparent, p->name); > + snprintf(path, sizeof(path), "%s/%s", srcparent, p->name); > if(is_dir(path)) > p->srcdir = strdup(path); > } > if(!p->objdir && p->srcdir) { > FILE *f; > > - sprintf(path, "cd %s && echo -n /usr/obj`/bin/pwd`", p->srcdir); > + snprintf(path, sizeof(path), "cd %s && echo -n /usr/obj`/bin/pwd`", p->srcdir); > p->objdir = p->srcdir; > f = popen(path,"r"); > if (f) { > @@ -526,18 +541,18 @@ > * XXX look for a Makefile.{name} in local directory first. > * This lets us override the original Makefile. > */ > - sprintf(path, "Makefile.%s", p->name); > + snprintf(path, sizeof(path), "Makefile.%s", p->name); > if (is_nonempty_file(path)) { > - sprintf(line, "Using %s for %s", path, p->name); > + snprintf(line, sizeof(path), "Using %s for %s", path, p->name); > status(line); > } else > - if(p->srcdir) sprintf(path, "%s/Makefile", p->srcdir); > + if(p->srcdir) snprintf(path, sizeof(path), "%s/Makefile", p->srcdir); > if(!p->objs && p->srcdir && is_nonempty_file(path)) > fillin_program_objs(p, path); > > if(!p->objpaths && p->objdir && p->objs) > for(s = p->objs; s != NULL; s = s->next) { > - sprintf(line, "%s/%s", p->objdir, s->str); > + snprintf(line, sizeof(line), "%s/%s", p->objdir, s->str); > add_string(&p->objpaths, line); > } > > @@ -558,14 +573,18 @@ > void fillin_program_objs(prog_t *p, char *path) > { > char *obj, *cp; > - int rc; > + int fd, rc; > FILE *f; > char *objvar="OBJS"; > strlst_t *s; > > /* discover the objs from the srcdir Makefile */ > > - if((f = fopen(tempfname, "w")) == NULL) { > + if((fd = mkstemp(tempfname)) == -1) { > + perror(tempfname); > + exit(1); > + } > + if((f = fdopen(fd, "w")) == NULL) { > warn("%s", tempfname); > goterror = 1; > return; > @@ -592,7 +611,7 @@ > > fclose(f); > > - sprintf(line, "make -f %s crunchgen_objs 2>&1", tempfname); > + snprintf(line, sizeof(line), "make -f %s crunchgen_objs 2>&1", tempfname); > if((f = popen(line, "r")) == NULL) { > warn("submake pipe"); > goterror = 1; > @@ -646,7 +665,7 @@ > FILE *cachef; > prog_t *p; > > - sprintf(line, "generating %s", cachename); > + snprintf(line, sizeof(line), "generating %s", cachename); > status(line); > > if((cachef = fopen(cachename, "w")) == NULL) { > @@ -680,7 +699,7 @@ > prog_t *p; > FILE *outmk; > > - sprintf(line, "generating %s", outmkname); > + snprintf(line, sizeof(line), "generating %s", outmkname); > status(line); > > if((outmk = fopen(outmkname, "w")) == NULL) { > @@ -712,7 +731,7 @@ > prog_t *p; > strlst_t *s; > > - sprintf(line, "generating %s", outcfname); > + snprintf(line, sizeof(line), "generating %s", outcfname); > status(line); > > if((outcf = fopen(outcfname, "w")) == NULL) { > @@ -770,11 +789,11 @@ > > char *dir_search(char *progname) > { > - char path[MAXPATHLEN]; > + char path[MAXPATHLEN + 1]; > strlst_t *dir; > > for(dir=srcdirs; dir != NULL; dir=dir->next) { > - sprintf(path, "%s/%s", dir->str, progname); > + snprintf(path, sizeof(path), "%s/%s", dir->str, progname); > if(is_dir(path)) return dir->str; > } > return NULL; -- Josef Karthauser FreeBSD: How many times have you booted today? Technical Manager Viagra for your server (http://www.uk.freebsd.org) Pavilion Internet plc. [joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 22:48: 0 2000 Delivered-To: freebsd-audit@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 6290037B479 for ; Sat, 11 Nov 2000 22:47:58 -0800 (PST) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id eAC6lvC01160; Sat, 11 Nov 2000 23:47:57 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id XAA42081; Sat, 11 Nov 2000 23:47:56 -0700 (MST) Message-Id: <200011120647.XAA42081@harmony.village.org> To: Chris Faulhaber Subject: Re: crunchgen(1) patch Cc: freebsd-audit@FreeBSD.ORG In-reply-to: Your message of "Sat, 11 Nov 2000 08:56:45 EST." <20001111085645.A77992@earth.causticlabs.com> References: <20001111085645.A77992@earth.causticlabs.com> Date: Sat, 11 Nov 2000 23:47:56 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've gone through the tree and killed all the (what I think are) bogus PATHLEN + 1's in the tree. I'm doing a buildworld right now. I'll post a patch when I'm ready for a review. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Nov 11 23:37:26 2000 Delivered-To: freebsd-audit@freebsd.org Received: from puck.firepipe.net (mcut-b-167.resnet.purdue.edu [128.211.209.167]) by hub.freebsd.org (Postfix) with ESMTP id 91DB737B479 for ; Sat, 11 Nov 2000 23:37:25 -0800 (PST) Received: by puck.firepipe.net (Postfix, from userid 1000) id 81DF418DB; Sun, 12 Nov 2000 02:37:24 -0500 (EST) Date: Sun, 12 Nov 2000 02:37:24 -0500 From: Will Andrews To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: make(1) string paranoia part 1 (fwd) Message-ID: <20001112023724.D555@puck.firepipe.net> Reply-To: Will Andrews Mail-Followup-To: Will Andrews , Kris Kennaway , audit@FreeBSD.ORG References: <20001008233144.A39915@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001008233144.A39915@citusc17.usc.edu>; from kris@citusc.usc.edu on Sun, Oct 08, 2000 at 11:31:44PM -0700 X-Operating-System: FreeBSD 4.1-STABLE i386 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Oct 08, 2000 at 11:31:44PM -0700, Kris Kennaway wrote: > Here. The NetBSD make(1) simply converts most of the sprintf() to > snprintf(). Sure, make(1) isn't really much of something that can be > exploited, but nothing wrong with a little string paranoia, IMO. It > also free()'s the strings properly. So... nobody has comments on this patch? I have tested it.. shall I commit? -- wca To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message