From owner-freebsd-hackers  Tue Feb 20  6:11:21 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from smtp.nettoll.com (matrix.nettoll.net [212.155.143.61])
	by hub.freebsd.org (Postfix) with ESMTP id 1C3A937B491
	for <freebsd-hackers@FreeBSD.ORG>; Tue, 20 Feb 2001 06:11:19 -0800 (PST)
	(envelope-from usebsd@free.fr)
Received: by smtp.nettoll.com; Tue, 20 Feb 2001 15:08:39 +0100 (MET)
Message-Id: <4.3.0.20010220150656.060411a0@pop.free.fr>
X-Sender: usebsd@pop.free.fr
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Tue, 20 Feb 2001 15:10:41 +0100
To: Matt Dillon <dillon@earth.backplane.com>
From: mouss <usebsd@free.fr>
Subject: Re: Staticaly allocated buffers in library. Is it correct?
Cc: "Andrey Simonenko" <simon@comsys.ntu-kpi.kiev.ua>,
	freebsd-hackers@FreeBSD.ORG
In-Reply-To: <200102192046.f1JKkl738082@earth.backplane.com>
References: <Pine.BSF.4.21.0102171202110.400-100000@scorpion.cosmos.all.net>
 <96rash$1m1d$1@igloo.uran.net.ua>
 <4.3.0.20010219200743.054eae40@pop.free.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 12:46 19/02/01 -0800, Matt Dillon wrote:
>    Yes, but we are talking about simple stupid config files here.  Programs
>     which actually tokenize an input stream typically do not use fgets().
>     Tokenizers either use [f]lex, [f]getc(), read() (and handle the buffering
>     themselves), or mmap().

I used the tokenize() just as an example. I consider that every program 
that reads
a line thinks it is a line and that the next fgets will read the _next_ 
line. but
fgets doesn't guarantee that. so we have the following alternatives:
- assume the file is well formed (no too long lines).
- check that the lines are not too long.

I personally prefer the second alternative. It has a cost, but this is more 
robust.
How many times have we seen things assumed for some time, and then the
code reused by someone else in another purpose but failing to check that
the assumptions are no more true. This has often resulted in security problems.

So I'd go for "trust BUT control". and this is even more important in 
library functions.


cheers,
mouss


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message