From owner-freebsd-hackers  Fri Sep  7 16:20: 0 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from ussenterprise.ufp.org (ussenterprise.ufp.org [208.185.30.210])
	by hub.freebsd.org (Postfix) with ESMTP id AB49237B401
	for <hackers@FreeBSD.ORG>; Fri,  7 Sep 2001 16:19:54 -0700 (PDT)
Received: (from bicknell@localhost)
	by ussenterprise.ufp.org (8.11.1/8.11.1) id f87NMJs67639;
	Fri, 7 Sep 2001 19:22:19 -0400 (EDT)
	(envelope-from bicknell)
Date: Fri, 7 Sep 2001 19:22:19 -0400
From: Leo Bicknell <bicknell@ufp.org>
To: Chris Costello <chris@calldei.com>
Cc: Leo Bicknell <bicknell@ufp.org>,
	FreeBSD Hackers <hackers@FreeBSD.ORG>
Subject: Re: tiny patch to pkg_add
Message-ID: <20010907192219.A67548@ussenterprise.ufp.org>
Mail-Followup-To: Leo Bicknell <bicknell@ussenterprise.ufp.org>,
	Chris Costello <chris@calldei.com>, Leo Bicknell <bicknell@ufp.org>,
	FreeBSD Hackers <hackers@FreeBSD.ORG>
References: <20010907150416.A38565@dub.net> <20010907151935.A40146@dub.net> <20010907183242.A66179@ussenterprise.ufp.org> <20010907174626.A548@holly.calldei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010907174626.A548@holly.calldei.com>; from chris@calldei.com on Fri, Sep 07, 2001 at 05:46:26PM -0500
Organization: United Federation of Planets
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Fri, Sep 07, 2001 at 05:46:26PM -0500, Chris Costello wrote:
> > bzero((void *)packagesite, sizeof(packagesite));
> 
>    That's unnecessary unless you know you're going to be reading
> data from that string starting somewhere other than
> &packagesite[0];.  And the `void *' cast is unnecessary, as an
> array is converted to a pointer when passed to a function, and
> any data pointer is also implicitly converted to a `void *'
> pointer where necessary.

That's not the only reason to do it.  Many people in the past have
gotten passwords out of various applications by making them core
dump, sifting through /dev/kmem, and other things.  While it's not
clear that his application might have these issues, I come from
the better safe than sorry school.  If you want to make a string
"empty", make it empty, don't just clobber the first character.

The void * is necessary to make lint happy.  It is not necessary
for the program to work right.

-- 
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message