Date: Mon, 15 Jul 2002 01:53:35 +0300
From: Giorgos Keramidas
To: freebsd-audit@FreeBSD.org
Subject: bin/ln & WARNS=5

The following allows me to build bin/ln with WARNS=5 on i386.
Does it look OK, or have I missed something important?

%%%
Index: ln.c =================================================================== RCS file: /home/ncvs/src/bin/ln/ln.c,v retrieving revision 1.28 diff -u -r1.28 ln.c --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 +++ ln.c 14 Jul 2002 22:42:49 -0000 
@@ -189,7 +189,7 @@ p = target; else ++p; - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= + if ((size_t)snprintf(path, sizeof(path), "%s/%s", source, p) >= sizeof(path)) { errno = ENAMETOOLONG; warn("%s", target);
%%%

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Subject: lock(1) -v (was: VT_LOCKSWITCH)
Date: Mon, 15 Jul 2002 02:34:56 +0000
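
Review bot: in the ln.c hunk at -189,7 above, the added (size_t) cast on the snprintf() return value quiets the signed/unsigned comparison but turns a negative return into a very large unsigned value, so a failed call reaches the ENAMETOOLONG branch only through wraparound. Storing the result in an int and testing it for a negative value before comparing against sizeof(path) would make that intent visible; if the wraparound is deliberate, a comment on the cast should say so.
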
From: Dima Dorfman

Anybody care to review this patch? I'd rather not commit unreviewed
changes to a setuid root program.

Thanks.

I wrote:
> Sheldon Hearn wrote:
> >
> >
> > On Tue, 28 May 2002 08:54:20 GMT, Dima Dorfman wrote:
> >
> > > The attached patch adds an -S option to vidcontrol(1) that allows the
> > > user to disallow vty switching. It is implemented using a new
> > > VT_LOCKSWITCH ioctl.
> >
> > Ooo! Ooo! This is nice.
> >
> > If you're up to it, I'd love to see the same functionality available as
> > an extension to lock(1). Imagine the convenience of being able to type
> >
> >     lock -npS
> >
> > on just one terminal and not have to worry about the rest!
>
> Sounds nice. How about the following patch? I really tried to keep
> the not-directly-related changes to a minimum, but it was difficult
> (lock(1) is so small and simple, but so lacking in polish!) (I did
> refrain from fixing anything that I wasn't already going to change,
> though, so the diff shouldn't be significantly harder to read).
>
> Note also that lock(1) is installed setuid root (for -p), so please
> review accordingly (even though none of the new code runs as root).
>
> Thanks,
>
> Dima.

Index: lock.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/lock/lock.1,v retrieving revision 1.7 diff -u -r1.7 lock.1 --- lock.1 20 Apr 2002 12:15:20 -0000 1.7 +++ lock.1 10 Jul 2002 04:54:50 -0000 @@ -32,7 +32,7 @@ .\" @(#)lock.1 8.1 (Berkeley) 6/6/93 .\" $FreeBSD$ .\" -.Dd June 6, 1993 +.Dd July 10, 2002 .Dt LOCK 1 .Os .Sh NAME @@ -40,8 +40,7 @@ .Nd reserve a terminal .Sh SYNOPSIS .Nm -.Op Fl n -.Op Fl p +.Op Fl npv .Op Fl t Ar timeout .Sh DESCRIPTION The 
@@ -65,6 +64,15 @@ The time limit (default 15 minutes) is changed to .Ar timeout minutes. +.It Fl v +Disable switching virtual terminals while this terminal is locked. +This option is implemented in a way similar to the +.Fl S +option of +.Xr vidcontrol 1 , +and is only available if the terminal in question is a +.Xr syscons 4 +virtual terminal. .El .Sh HISTORY The Index: lock.c =================================================================== RCS file: /home/ncvs/src/usr.bin/lock/lock.c,v retrieving revision 1.13 diff -u -r1.13 lock.c --- lock.c 10 Jul 2002 04:05:33 -0000 1.13 +++ lock.c 10 Jul 2002 04:54:50 -0000 @@ -60,6 +60,7 @@ #include #include #include +#include #include #include #include @@ -83,6 +84,7 @@ struct sgttyb tty, ntty; long nexttime; /* keep the timeout time */ int no_timeout; /* lock terminal forever */ +int vtyunlock; /* Unlock flag and code. */ /*ARGSUSED*/ int @@ -95,7 +97,7 @@ time_t timval_sec; struct itimerval ntimer, otimer; struct tm *timp; - int ch, failures, sectimeout, usemine; + int ch, failures, sectimeout, usemine, vtylock; char *ap, *mypw, *ttynam, *tzn; char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ]; @@ -105,7 +107,8 @@ mypw = NULL; usemine = 0; no_timeout = 0; - while ((ch = getopt(argc, argv, "npt:")) != -1) + vtylock = 0; + while ((ch = getopt(argc, argv, "npt:v")) != -1) switch((char)ch) { case 't': if ((sectimeout = atoi(optarg)) <= 0) @@ -120,6 +123,9 @@ case 'n': no_timeout = 1; break; + case 'v': + vtylock = 1; + break; case '?': default: usage(); 
@@ -177,15 +183,31 @@ ntimer.it_value = timeout; if (!no_timeout) setitimer(ITIMER_REAL, &ntimer, &otimer); + if (vtylock) { + /* + * If this failed, we want to err out; warn isn't good + * enough, since we don't want the user to think that + * everything is nice and locked because they got a + * "Key:" prompt. + */ + if (ioctl(0, VT_LOCKSWITCH, &vtylock) == -1) { + (void)ioctl(0, TIOCSETP, &tty); + err(1, "locking vty"); + } + vtyunlock = 0x2; + } /* header info */ - if (no_timeout) { -(void)printf("lock: %s on %s. no timeout\ntime now is %.20s%s%s", - ttynam, hostname, ap, tzn, ap + 19); - } else { -(void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s", - ttynam, hostname, sectimeout, ap, tzn, ap + 19); - } + (void)printf("lock: %s on %s.", ttynam, hostname); + if (no_timeout) + (void)printf(" no timeout."); + else + (void)printf(" timeout in %d minute%s.", sectimeout, + sectimeout != 1 ? "s" : ""); + if (vtylock) + (void)printf(" vty locked."); + (void)printf("\ntime now is %.20s%s%s", ap, tzn, ap + 19); + failures = 0; for (;;) { @@ -222,7 +244,7 @@ static void usage() { - (void)fprintf(stderr, "usage: lock [-n] [-p] [-t timeout]\n"); + (void)fprintf(stderr, "usage: lock [-npv] [-t timeout]\n"); exit(1); } @@ -248,6 +270,8 @@ { (void)putchar('\n'); (void)ioctl(0, TIOCSETP, &tty); + if (vtyunlock) + (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); exit(0); } 
@@ -256,6 +280,8 @@ { if (!no_timeout) { (void)ioctl(0, TIOCSETP, &tty); + if (vtyunlock) + (void)ioctl(0, VT_LOCKSWITCH, &vtyunlock); (void)printf("lock: timeout\n"); exit(1); }
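
Review bot: in the lock.1 hunk at -65,6, the new -v text says the option is only available on a syscons(4) virtual terminal but not what happens anywhere else. The lock.c change exits with err(1, "locking vty") when the ioctl fails, so the manual page should state that lock refuses to run in that case rather than locking without the vty restriction.
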
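
Review bot: in the lock.c hunk at -177,15, the values handed to VT_LOCKSWITCH are bare numbers: vtylock doubles as the option flag and the ioctl argument (1), and vtyunlock is set to 0x2 with only the comment "Unlock flag and code" at its declaration. Named constants, or a comment stating what 1 and 0x2 mean to the ioctl, would let a reader check the lock and unlock calls against each other. vtyunlock is also never assigned before this point, so the two later tests of it rely on it starting out as zero; an explicit initializer would make that visible.
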
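
Review bot: in the lock.c hunks at -248,6 and -256,6, the unlock ioctl is issued only on these two exit paths and its return value is discarded. If any other path can end the program after the VT_LOCKSWITCH call in the -177 hunk succeeds, vty switching stays disabled once lock is gone; registering the unlock in one place (for example with atexit()) or confirming that these are the only exits would close that gap. A warn() on a failed unlock would also tell the user that the console is still restricted.
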

From: Dag-Erling Smorgrav
Date: 15 Jul 2002 11:31:34 +0200

Giorgos Keramidas writes:
> The following allows me to build bin/ln with WARNS=5 on i386.
> Does it look OK, or have I missed something important?

I'd rather cast sizeof to int.

DES
--
Dag-Erling Smorgrav - des@ofug.org

Date: Mon, 15 Jul 2002 11:51:48 +0200
From: Thomas Quinot

On 2002-07-15, Dima Dorfman wrote:
> Anybody care to review this patch? I'd rather not commit unreviewed
> changes to a setuid root program.

I think we'd be safer with an explicit initialization of vtyunlock.

Thomas.

--
Thomas.Quinot@Cuivre.FR.EU.ORG

Date: Mon, 15 Jul 2002 20:25:13 +1000 (EST)
From: Bruce Evans

On 15 Jul 2002, Dag-Erling Smorgrav wrote:

> Giorgos Keramidas writes:
> > The following allows me to build bin/ln with WARNS=5 on i386.
> > Does it look OK, or have I missed something important?
>
> I'd rather cast sizeof to int.

That would break the possibly-intentional check for snprintf() failing.
(size_t)-1 >= sizeof(path), but !(-1 >= (int)sizeof(path)).

Bruce
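
The two comparisons in the message above, as an added C example that is not part of the original thread or of ln.c: it runs the unsigned-cast check, the int-cast check and an explicit negative test over the same return values, then uses the explicit form in a path join. The function names and `join_path()` are hypothetical, and a failing snprintf() is simulated by passing -1 directly.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical helpers: each takes the int that snprintf() returned and
 * the buffer size, and says whether the caller should treat it as an error.
 */

/* Return value converted to size_t: -1 wraps to SIZE_MAX and is caught. */
static bool too_long_size_t_cast(int ret, size_t size)
{
	return ((size_t)ret >= size);
}

/* sizeof cast to int: the comparison is signed, so -1 slips through. */
static bool too_long_int_cast(int ret, size_t size)
{
	return (ret >= (int)size);
}

/* Failure and truncation tested separately, no reliance on wraparound. */
static bool too_long_explicit(int ret, size_t size)
{
	return (ret < 0 || (size_t)ret >= size);
}

/*
 * Hypothetical path join using the explicit check. Returns the length
 * written, or -1 with errno set to ENAMETOOLONG, which is how the ln.c
 * code quoted in the thread reports the condition.
 */
static int join_path(char *path, size_t size, const char *dir, const char *name)
{
	int ret = snprintf(path, size, "%s/%s", dir, name);

	if (too_long_explicit(ret, size)) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (ret);
}

int main(void)
{
	/* Constructed return values: fits, truncated, simulated failure. */
	const int samples[] = { 10, 1024, -1 };
	const size_t size = 1024;
	char small[8], big[32];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("ret=%5d  size_t cast: %d  int cast: %d  explicit: %d\n",
		    samples[i],
		    too_long_size_t_cast(samples[i], size),
		    too_long_int_cast(samples[i], size),
		    too_long_explicit(samples[i], size));

	/* "dir/file" needs 9 bytes with the terminator, so 8 is too small. */
	printf("small buffer: %d\n",
	    join_path(small, sizeof(small), "dir", "file"));
	printf("large buffer: %d\n",
	    join_path(big, sizeof(big), "dir", "file"));
	return (0);
}
```

Only the int-cast variant lets the -1 row through; the other two agree on every row.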

From: Dag-Erling Smorgrav
Date: 15 Jul 2002 13:12:26 +0200

Bruce Evans writes:
> That would break the possibly-intentional check for snprintf() failing.
> (size_t)-1 >= sizeof(path), but !(-1 >= (int)sizeof(path)).

Casting a value which one knows may be negative to an unsigned type is
IMHO stupid. If the check is intentional, it should be done
explicitly.

DES
--
Dag-Erling Smorgrav - des@ofug.org

Date: Mon, 15 Jul 2002 14:14:36 +0300
From: Giorgos Keramidas

On 2002-07-15 20:25 +0000, Bruce Evans wrote:
> On 15 Jul 2002, Dag-Erling Smorgrav wrote:
>
> > Giorgos Keramidas writes:
> > > The following allows me to build bin/ln with WARNS=5 on i386.
> > > Does it look OK, or have I missed something important?
> >
> > I'd rather cast sizeof to int.
>
> That would break the possibly-intentional check for snprintf() failing.
> (size_t)-1 >= sizeof(path), but !(-1 >= (int)sizeof(path)).

My intuition was that size_t being unsigned won't require truncation
of the (int) return value... But if one wanted to explicitly make
both a check for (-1) and the return value being less than the size of
the buffer would the following be more proper?

%%%
Index: ln.c =================================================================== RCS file: /home/ncvs/src/bin/ln/ln.c,v retrieving revision 1.28 diff -u -r1.28 ln.c --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 +++ ln.c 15 Jul 2002 11:12:13 -0000 @@ -163,6 +163,7 @@ const char *p; int ch, exists, first; char path[PATH_MAX]; + int pathlen; if (!sflag) { /* If target doesn't exist, quit now. */ 
@@ -189,8 +190,8 @@ p = target; else ++p; - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= - sizeof(path)) { + if ((pathlen = snprintf(path, sizeof(path), "%s/%s", + source, p)) == -1 || pathlen >= (int)sizeof(path)) { errno = ENAMETOOLONG; warn("%s", target); return (1);
%%%
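
Review bot: in the ln.c hunk at -189,8, the failure test is "== -1", which matches only that one value; "pathlen < 0" covers any negative return and keeps the following "pathlen >= (int)sizeof(path)" comparison limited to non-negative lengths. Both outcomes also share the errno = ENAMETOOLONG branch, so a formatting failure is reported to the user as a too-long name; if the two should be told apart, split the condition and leave errno as snprintf() set it in the failure case.
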

From: Dag-Erling Smorgrav
Date: 15 Jul 2002 13:17:20 +0200

Giorgos Keramidas writes:
> My intuition was that size_t being unsigned won't require truncation
> of the (int) return value... But if one wanted to explicitly make
> both a check for (-1) and the return value being less than the size of
> the buffer would the following be more proper?

Looks good to me, apart from the extra parentheses around the argument
to sizeof.

DES
--
Dag-Erling Smorgrav - des@ofug.org

Date: Mon, 15 Jul 2002 14:21:16 +0300
From: Giorgos Keramidas

On 2002-07-15 13:17 +0000, Dag-Erling Smorgrav wrote:
> Giorgos Keramidas writes:
> > My intuition was that size_t being unsigned won't require truncation
> > of the (int) return value... But if one wanted to explicitly make
> > both a check for (-1) and the return value being less than the size of
> > the buffer would the following be more proper?
>
> Looks good to me, apart from the extra parentheses around the argument
> to sizeof.

/me picks up notebook to learn a bit :)

What's wrong with sizeof(...)? I thought that style(9) was actually
encouraging the use of parentheses for the arguments of sizeof, when
it mentioned:

    Casts and sizeof's are not followed by a space. Note that
    indent(1) does not understand this rule.

- Giorgos

From: Dag-Erling Smorgrav
Date: 15 Jul 2002 13:37:08 +0200

Giorgos Keramidas writes:
> What's wrong with sizeof(...)? I thought that style(9) was actually
> encouraging the use of parentheses for the arguments of sizeof, when
> it mentioned:
>
>     Casts and sizeof's are not followed by a space. Note that
>     indent(1) does not understand this rule.

There are two different cases - one is "sizeof(type)" which requires
parentheses, the other is "sizeof variable" which doesn't. In the
latter case, the rule about avoiding unnecessary parentheses applies.

DES
--
Dag-Erling Smorgrav - des@ofug.org

Date: Mon, 15 Jul 2002 14:44:37 +0300
From: Giorgos Keramidas

On 2002-07-15 13:37 +0000, Dag-Erling Smorgrav wrote:
> Giorgos Keramidas writes:
> > What's wrong with sizeof(...)? I thought that style(9) was actually
> > encouraging the use of parentheses for the arguments of sizeof, when
> > it mentioned:
> >
> >     Casts and sizeof's are not followed by a space. Note that
> >     indent(1) does not understand this rule.
>
> There are two different cases - one is "sizeof(type)" which requires
> parentheses, the other is "sizeof variable" which doesn't. In the
> latter case, the rule about avoiding unnecessary parentheses applies.

Ah ! [ enlightenment ]

That would require a major style sweep in ln.c though. Such changes
should be done in a separate commit, right?

From: Dag-Erling Smorgrav
Date: 15 Jul 2002 13:52:52 +0200

Giorgos Keramidas writes:
> That would require a major style sweep in ln.c though. Such changes
> should be done in a separate commit, right?

Yes.

DES
--
Dag-Erling Smorgrav - des@ofug.org

Date: Mon, 15 Jul 2002 09:04:20 -0600 (MDT)
From: "M. Warner Losh"

In message: <20020715111436.GD50130@hades.hell.gr>
            Giorgos Keramidas writes:
: + if ((pathlen = snprintf(path, sizeof(path), "%s/%s",
: + source, p)) == -1 || pathlen >= (int)sizeof(path)) {

That's downright stupid. snprintf never returns a negative number.
It always returns the number of characters that it would have used
to make the string. The code was right before.

However, maybe the following is better and clearer:

    if (strlen(source) + strlen(p) + 1 >= PATH_MAX) {
        ... ETOOLONG stuff
    }
    snprintf(...);

Warner

Date: Mon, 15 Jul 2002 09:05:42 -0600 (MDT)
From: "M. Warner Losh"

In message: <20020715114437.GA51994@hades.hell.gr>
            Giorgos Keramidas writes:
: On 2002-07-15 13:37 +0000, Dag-Erling Smorgrav wrote:
: > Giorgos Keramidas writes:
: > > What's wrong with sizeof(...)? I thought that style(9) was actually
: > > encouraging the use of parentheses for the arguments of sizeof, when
: > > it mentioned:
: > >
: > >     Casts and sizeof's are not followed by a space. Note that
: > >     indent(1) does not understand this rule.
: >
: > There are two different cases - one is "sizeof(type)" which requires
: > parentheses, the other is "sizeof variable" which doesn't. In the
: > latter case, the rule about avoiding unnecessary parentheses applies.

That's not always the case. sizeof type always works too. The
convention is that sizeof(foo) is done in BSD sources.

: Ah ! [ enlightenment ]
:
: That would require a major style sweep in ln.c though. Such changes
: should be done in a separate commit, right?

Yes, they are done with a separate commit, but not when it is the
wrong thing to do. Leave sizeof(var) alone please.
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 8:14:10 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F5E237B400; Mon, 15 Jul 2002 08:14:08 -0700 (PDT) Received: from xerxes.courtesan.com (courtesan.com [206.168.103.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id 29E1443E3B; Mon, 15 Jul 2002 08:14:07 -0700 (PDT) (envelope-from Todd.Miller@courtesan.com) Received: from xerxes.courtesan.com (IDENT:millert@localhost.courtesan.com [127.0.0.1]) by xerxes.courtesan.com (8.12.5/8.12.5) with ESMTP id g6FFE3BI007055; Mon, 15 Jul 2002 09:14:03 -0600 (MDT) Message-Id: <200207151514.g6FFE3BI007055@xerxes.courtesan.com> To: "M. Warner Losh" Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, des@ofug.org, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 In-reply-to: Your message of "Mon, 15 Jul 2002 09:04:20 MDT." <20020715.090420.83279095.imp@bsdimp.com> References: <20020715202126.S40071-100000@gamplex.bde.org> <20020715111436.GD50130@hades.hell.gr> <20020715.090420.83279095.imp@bsdimp.com> Date: Mon, 15 Jul 2002 09:14:03 -0600 
From: "Todd C. Miller" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message <20020715.090420.83279095.imp@bsdimp.com> so spake "M. Warner Losh" (imp): > snprintf never returns a negative number. It always returns the > number of characters that it would have used to make the string. Actually, on Solaris snprintf can return -1 due to an incorrect locale-specific format string, although this does not appear to be documented. And of course, Single Unix used to specify that -1 was returned when out of space. If you are trying for "extreme portability" you might care. - todd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 8:23:30 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A4E837B400; Mon, 15 Jul 2002 08:23:29 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5026743E4A; Mon, 15 Jul 2002 08:23:28 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.3/8.12.3) with ESMTP id g6FFNM1f007241; Mon, 15 Jul 2002 09:23:22 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 15 Jul 2002 09:22:41 -0600 (MDT) Message-Id: <20020715.092241.18906309.imp@bsdimp.com> To: Todd.Miller@courtesan.com Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, des@ofug.org, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 
From: "M. Warner Losh" In-Reply-To: <200207151514.g6FFE3BI007055@xerxes.courtesan.com> References: <20020715111436.GD50130@hades.hell.gr> <20020715.090420.83279095.imp@bsdimp.com> <200207151514.g6FFE3BI007055@xerxes.courtesan.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: <200207151514.g6FFE3BI007055@xerxes.courtesan.com> "Todd C. Miller" writes: : In message <20020715.090420.83279095.imp@bsdimp.com> : so spake "M. Warner Losh" (imp): : : > snprintf never returns a negative number. It always returns the : > number of characters that it would have used to make the string. : : Actually, on Solaris snprintf can return -1 due to an incorrect : locale-specific format string, although this does not appear to : be documented. : : And of course, Single Unix used to specify that -1 was returned : when out of space. : : If you are trying for "extreme portability" you might care. 
Which is why snprintf() makes a bad substitute for strlen :-) Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 8:25:32 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AAA7437B400; Mon, 15 Jul 2002 08:25:30 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 03BC943E5E; Mon, 15 Jul 2002 08:25:29 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id A3086534B; Mon, 15 Jul 2002 17:25:27 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: "M. Warner Losh" Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 References: <20020715112116.GE50130@hades.hell.gr> <20020715114437.GA51994@hades.hell.gr> <20020715.090542.07693309.imp@bsdimp.com> 
From: Dag-Erling Smorgrav Date: 15 Jul 2002 17:25:27 +0200 In-Reply-To: <20020715.090542.07693309.imp@bsdimp.com> Message-ID: Lines: 22 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "M. Warner Losh" writes: > : > There are two different cases - one is "sizeof(type)" which requires > : > parentheses, the other is "sizeof variable" which doesn't. In the > : > latter case, the rule about avoiding unnecessary parentheses applies. > That's not always the case. sizeof type always works too. No, "sizeof type" is a syntax error in C89 and C99. des@des ~% cat /tmp/sizeof.c int main(void) { int one = sizeof char; return one; } des@des ~% cc -o /dev/null /tmp/sizeof.c /tmp/sizeof.c: In function `main': /tmp/sizeof.c:4: syntax error before "char" DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 8:28:47 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CF2537B400; Mon, 15 Jul 2002 08:28:46 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 36B7C43E77; Mon, 15 Jul 2002 08:28:45 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.3/8.12.3) with ESMTP id g6FFSi1f007292; Mon, 15 Jul 2002 09:28:44 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 15 Jul 2002 09:28:04 -0600 (MDT) Message-Id: <20020715.092804.90381918.imp@bsdimp.com> To: des@ofug.org Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & 
WARNS=5 
From: "M. Warner Losh" In-Reply-To: References: <20020715114437.GA51994@hades.hell.gr> <20020715.090542.07693309.imp@bsdimp.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: Dag-Erling Smorgrav writes: : "M. Warner Losh" writes: : > : > There are two different cases - one is "sizeof(type)" which requires : > : > parentheses, the other is "sizeof variable" which doesn't. In the : > : > latter case, the rule about avoiding unnecessary parentheses applies. : > That's not always the case. sizeof type always works too. : : No, "sizeof type" is a syntax error in C89 and C99. In any event, sizeof(var) is the BSD way of saying that. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 8:36:37 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7352137B400; Mon, 15 Jul 2002 08:36:36 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0481B43E6D; Mon, 15 Jul 2002 08:36:36 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id EF5CA534A; Mon, 15 Jul 2002 17:36:33 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: "M. 
Warner Losh" Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 References: <20020715114437.GA51994@hades.hell.gr> <20020715.090542.07693309.imp@bsdimp.com> <20020715.092804.90381918.imp@bsdimp.com> From: Dag-Erling Smorgrav Date: 15 Jul 2002 17:36:33 +0200 In-Reply-To: <20020715.092804.90381918.imp@bsdimp.com> Message-ID: Lines: 8 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "M. Warner Losh" writes: > In any event, sizeof(var) is the BSD way of saying that. Not according to bde + a significant amount of source code. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 9:24:14 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E49D337B401; Mon, 15 Jul 2002 09:24:11 -0700 (PDT) Received: from espresso.q9media.com (espresso.q9media.com [65.39.129.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6170243E70; Mon, 15 Jul 2002 09:24:10 -0700 (PDT) (envelope-from mike@espresso.q9media.com) Received: by espresso.q9media.com (Postfix, from userid 1002) id B660F9C11; Mon, 15 Jul 2002 12:19:58 -0400 (EDT) Date: Mon, 15 Jul 2002 12:19:58 -0400 
From: Mike Barcroft To: "M. Warner Losh" Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, des@ofug.org, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 Message-ID: <20020715121958.D64412@espresso.q9media.com> References: <20020715202126.S40071-100000@gamplex.bde.org> <20020715111436.GD50130@hades.hell.gr> <20020715.090420.83279095.imp@bsdimp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020715.090420.83279095.imp@bsdimp.com>; from imp@bsdimp.com on Mon, Jul 15, 2002 at 09:04:20AM -0600 Organization: The FreeBSD Project Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG M. Warner Losh writes: > In message: <20020715111436.GD50130@hades.hell.gr> > Giorgos Keramidas writes: > : + if ((pathlen = snprintf(path, sizeof(path), "%s/%s", > : + source, p)) == -1 || pathlen >= (int)sizeof(path)) { > > That's down right stupid. > > snprintf never returns a negative number. It always returns the > number of characters that it would have used to make the string. C99 standardized -1 as a possible return value for encoding errors. I'm not sure why the return value is int and not ssize_t though (probably because C99 doesn't have an ssize_t). > The code was right before. However, maybe the following is better and > clearer: > > if (strlen(source) + strlen(p) + 1 >= PATH_MAX) { > ... ETOOLONG stuff > } > snprintf(...); You might just as well use sprintf() at this point. 
Best regards, Mike Barcroft To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 10:39:17 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7146737B40D; Mon, 15 Jul 2002 10:39:16 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4C96C43E6E; Mon, 15 Jul 2002 10:39:02 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.3/8.12.3) with ESMTP id g6FH8O1f007840; Mon, 15 Jul 2002 11:08:24 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 15 Jul 2002 11:08:06 -0600 (MDT) Message-Id: <20020715.110806.107966462.imp@bsdimp.com> To: des@ofug.org Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 
From: "M. Warner Losh" In-Reply-To: References: <20020715.092804.90381918.imp@bsdimp.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: Dag-Erling Smorgrav writes: : "M. Warner Losh" writes: : > In any event, sizeof(var) is the BSD way of saying that. : : Not according to bde + a significant amount of source code. I think you are wrong. This has come up before and the result was sizeof(var). Don't change ln.c away from that. ln.c is mostly bsd code already, and I know that NetBSD/OpenBSD do it as sizeof(var) most of the time. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 10:39:20 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AED4737B427; Mon, 15 Jul 2002 10:39:17 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id A5CA343E6E; Mon, 15 Jul 2002 10:39:16 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.3/8.12.3) with ESMTP id g6FH9b1f007845; Mon, 15 Jul 2002 11:09:39 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 15 Jul 2002 11:09:11 -0600 (MDT) Message-Id: <20020715.110911.124380985.imp@bsdimp.com> To: mike@FreeBSD.ORG Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, des@ofug.org, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 
From: "M. Warner Losh" In-Reply-To: <20020715121958.D64412@espresso.q9media.com> References: <20020715111436.GD50130@hades.hell.gr> <20020715.090420.83279095.imp@bsdimp.com> <20020715121958.D64412@espresso.q9media.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: <20020715121958.D64412@espresso.q9media.com> Mike Barcroft writes: : > The code was right before. However, maybe the following is better and : > clearer: : > : > if (strlen(source) + strlen(p) + 1 >= PATH_MAX) { : > ... ETOOLONG stuff : > } : > snprintf(...); : : You might just as well use sprintf() at this point. sprintf is considered harmful, and using snprintf specifically shows that you've 'fixed' that and it doesn't need to be 'audited'. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 10:45:40 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26E4837B400; Mon, 15 Jul 2002 10:45:39 -0700 (PDT) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CD3A43E4A; Mon, 15 Jul 2002 10:45:38 -0700 (PDT) (envelope-from des@ofug.org) Received: by flood.ping.uio.no (Postfix, from userid 2602) id BF46E534A; Mon, 15 Jul 2002 19:19:03 +0200 (CEST) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: "M. 
Warner Losh" Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 References: <20020715.092804.90381918.imp@bsdimp.com> <20020715.110806.107966462.imp@bsdimp.com> From: Dag-Erling Smorgrav Date: 15 Jul 2002 19:19:02 +0200 In-Reply-To: <20020715.110806.107966462.imp@bsdimp.com> Message-ID: Lines: 13 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "M. Warner Losh" writes: > Dag-Erling Smorgrav writes: > : "M. Warner Losh" writes: > : > In any event, sizeof(var) is the BSD way of saying that. > : Not according to bde + a significant amount of source code. > I think you are wrong. 7+ kloc (including OpenSSH, and some very old BSD code like src/games/) say I'm not. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 10:56:31 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B57DC37B400; Mon, 15 Jul 2002 10:56:29 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id DEBD943E70; Mon, 15 Jul 2002 10:56:27 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.3/8.12.3) with ESMTP id g6FHuQ1f008152; Mon, 15 Jul 2002 11:56:26 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 15 Jul 2002 11:56:10 -0600 (MDT) Message-Id: <20020715.115610.117908719.imp@bsdimp.com> To: des@ofug.org Cc: keramida@FreeBSD.ORG, bde@zeta.org.au, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 
From: "M. Warner Losh" In-Reply-To: References: <20020715.110806.107966462.imp@bsdimp.com> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: Dag-Erling Smorgrav writes: : "M. Warner Losh" writes: : > Dag-Erling Smorgrav writes: : > : "M. Warner Losh" writes: : > : > In any event, sizeof(var) is the BSD way of saying that. : > : Not according to bde + a significant amount of source code. : > I think you are wrong. : : 7+ kloc (including OpenSSH, and some very old BSD code like : src/games/) say I'm not. ln isn't in this style, nor is most of src/bin. Don't change it, ok? Of src/bin, I could only find 'sizeof var' in sh. The vast majority of other instances were sizeof(var). Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 11:39:26 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7957537B400; Mon, 15 Jul 2002 11:39:24 -0700 (PDT) Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 257C443E64; Mon, 15 Jul 2002 11:39:23 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id EAA30253; Tue, 16 Jul 2002 04:39:16 +1000 Date: Tue, 16 Jul 2002 04:42:47 +1000 (EST) 
From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Dag-Erling Smorgrav Cc: Giorgos Keramidas , Subject: Re: bin/ln & WARNS=5 In-Reply-To: Message-ID: <20020716044123.B41571-100000@gamplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 15 Jul 2002, Dag-Erling Smorgrav wrote: > Bruce Evans writes: > > That would break the possibly-intentional check for snprintf() failing. > > (size_t)-1 >= sizeof(path), but !(-1 >= (int)sizeof(path)). > > Casting a value which one knows may be negative to an unsigned type is > IMHO stupid. If the check is intentional, it should be done > explicitly. Well, it is what the original code does implicitly (except on machines where size_t is smaller than int; then size_t is promoted to int instead of int to size_t). Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 12:10:47 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2D20637B400; Mon, 15 Jul 2002 12:10:44 -0700 (PDT) Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2080543E42; Mon, 15 Jul 2002 12:10:43 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id FAA31690; Tue, 16 Jul 2002 05:10:39 +1000 Date: Tue, 16 Jul 2002 05:14:10 +1000 (EST) 
From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Giorgos Keramidas Cc: Dag-Erling Smorgrav , Subject: Re: bin/ln & WARNS=5 In-Reply-To: <20020715111436.GD50130@hades.hell.gr> Message-ID: <20020716044254.G41571-100000@gamplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, 15 Jul 2002, Giorgos Keramidas wrote: > On 2002-07-15 20:25 +0000, Bruce Evans wrote: > > On 15 Jul 2002, Dag-Erling Smorgrav wrote: > > > > > Giorgos Keramidas writes: > > > > The following allows me to build bin/ln with WARNS=5 on i386. > > > > Does it look OK, or have I missed something important? > > > > > > I'd rather cast sizeof to int. > > > > That would break the possibly-intentional check for snprintf() failing. > > (size_t)-1 >= sizeof(path), but !(-1 >= (int)sizeof(path)). > > My intuition was that size_t being unsigned won't require truncation > of the (int) return value... Lack of truncation by either of these casts is not at all clear. (This is true of casts in general, which is why they should be avoided. But the original code has implicit casts.) However, snprintf() is specified to return "a negative value" on error, and casting a negative value to size_t might truncate it a lot, e.g., to 0 on machines with 33-bit ints and 32-bit u_ints. Documentation of failure of snprintf is completely missing in printf.3. > But if one wanted to explicitly make > both a check for (-1) and the return value being less than the size of > the buffer would the following be more proper? One should want to check for a negative value. > %%% > Index: ln.c > =================================================================== > RCS file: /home/ncvs/src/bin/ln/ln.c,v > retrieving revision 1.28 > diff -u -r1.28 ln.c > --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 > +++ ln.c 15 Jul 2002 11:12:13 -0000 
> @@ -163,6 +163,7 @@ > const char *p; > int ch, exists, first; > char path[PATH_MAX]; > + int pathlen; This unsorts the variables. > > if (!sflag) { > /* If target doesn't exist, quit now. */ > @@ -189,8 +190,8 @@ > p = target; > else > ++p; > - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= > - sizeof(path)) { > + if ((pathlen = snprintf(path, sizeof(path), "%s/%s", > + source, p)) == -1 || pathlen >= (int)sizeof(path)) { > errno = ENAMETOOLONG; > warn("%s", target); > return (1); > %%% This takes more code than I like, but I guess something like it is required to be strictly correct. I prefer: pathlen = snprintf(path, sizeof(path), "%s/%s", source, p); if (pathlen < 0 || pathlen >= (int)sizeof(path)) { Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 12:11:49 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4B50037B400 for ; Mon, 15 Jul 2002 12:11:47 -0700 (PDT) Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 85E5F43E64 for ; Mon, 15 Jul 2002 12:11:40 -0700 (PDT) (envelope-from keramida@FreeBSD.org) Received: from hades.hell.gr (patr530-b146.otenet.gr [212.205.244.154]) by mailsrv.otenet.gr (8.12.4/8.12.4) with ESMTP id g6FJBbsC013319 for ; Mon, 15 Jul 2002 22:11:38 +0300 (EEST) Received: from hades.hell.gr (hades [127.0.0.1]) by hades.hell.gr (8.12.5/8.12.5) with ESMTP id g6FJBVft057592 for ; Mon, 15 Jul 2002 22:11:31 +0300 (EEST) (envelope-from keramida@FreeBSD.org) Received: (from charon@localhost) by hades.hell.gr (8.12.5/8.12.5/Submit) id g6FIPFNr057392; Mon, 15 Jul 2002 21:25:15 +0300 (EEST) (envelope-from keramida@FreeBSD.org) Date: Mon, 15 Jul 2002 21:25:15 +0300 
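Review bot: in the @@ -163,6 +163,7 @@ hunk, 'int pathlen;' is added on its own line after 'char path[PATH_MAX];' even though the context two lines up already declares 'int ch, exists, first;'. Add pathlen to that existing int declaration so the declarations stay grouped by type and the hunk becomes a one-line change.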
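Review bot: in the @@ -189,8 +190,8 @@ hunk the error test '== -1' matches only one negative value; compare 'pathlen < 0' so that any negative return from snprintf() is treated as a failure. Assigning pathlen inside the if condition also makes the two separate checks hard to read, so assign on its own line and test afterwards. The (int)sizeof(path) cast is acceptable only because path is 'char path[PATH_MAX]', as the first hunk's context shows, so the size fits in an int.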
From: Giorgos Keramidas To: "M. Warner Losh" Cc: bde@zeta.org.au, des@ofug.org, freebsd-audit@FreeBSD.org Subject: Re: bin/ln & WARNS=5 Message-ID: <20020715182514.GC55859@hades.hell.gr> References: <20020715202126.S40071-100000@gamplex.bde.org> <20020715111436.GD50130@hades.hell.gr> <20020715.090420.83279095.imp@bsdimp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020715.090420.83279095.imp@bsdimp.com> X-Operating-System: FreeBSD 5.0-CURRENT i386 X-PGP-Fingerprint: C1EB 0653 DB8B A557 3829 00F9 D60F 941A 3186 03B6 X-Phone: +30-944-116520 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 2002-07-15 09:04 +0000, M. Warner Losh wrote: > In message: <20020715111436.GD50130@hades.hell.gr> > Giorgos Keramidas writes: > : + if ((pathlen = snprintf(path, sizeof(path), "%s/%s", > : + source, p)) == -1 || pathlen >= (int)sizeof(path)) { > > That's down right stupid. > > snprintf never returns a negative number. It always returns the > number of characters that it would have used to make the string. It's not obvious from the manpage. I haven't read the __vfprintf() code to find out, but I assumed this is why the return type of snprintf() was declared as `int' and not as `size_t'. If -1 is never possible to be a return value of snprintf(), then I assumed wrong. > The code was right before. However, maybe the following is better and > clearer: > > if (strlen(source) + strlen(p) + 1 >= PATH_MAX) { > ... ETOOLONG stuff > } > snprintf(...); The format of sprintf() after the size checks is "%s/%s" and sprintf() will need +2 bytes to store '/' and the terminating '\0'. How about this? 
%%% Index: ln.c =================================================================== RCS file: /home/ncvs/src/bin/ln/ln.c,v retrieving revision 1.28 diff -u -r1.28 ln.c --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 +++ ln.c 15 Jul 2002 18:20:19 -0000 @@ -189,12 +189,12 @@ p = target; else ++p; - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= - sizeof(path)) { + if (strlen(source) + strlen(p) + 2 > sizeof path) { errno = ENAMETOOLONG; warn("%s", target); return (1); } + sprintf(path, "%s/%s", source, p); source = path; } %%% To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 12:22:59 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4860537B400; Mon, 15 Jul 2002 12:22:57 -0700 (PDT) Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id A4BFA43E67; Mon, 15 Jul 2002 12:22:55 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from bde.zeta.org.au (bde.zeta.org.au [203.2.228.102]) by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id FAA32313; Tue, 16 Jul 2002 05:22:32 +1000 Date: Tue, 16 Jul 2002 05:26:02 +1000 (EST) 
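Review bot: the added 'sprintf(path, "%s/%s", source, p);' drops the bound that the removed snprintf() call carried, so path is now protected only by the strlen() arithmetic on the line above it. Keep snprintf(path, sizeof(path), ...) after the length check, so that a later change to the format string or to the check cannot write past the buffer. The check itself is right (the + 2 covers the '/' and the terminating NUL), but 'sizeof path' differs from the sizeof(path) form used in the removed lines of the same hunk.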
From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Dag-Erling Smorgrav Cc: "M. Warner Losh" , , Subject: Re: bin/ln & WARNS=5 In-Reply-To: Message-ID: <20020716051814.Q41695-100000@gamplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 15 Jul 2002, Dag-Erling Smorgrav wrote: > "M. Warner Losh" writes: > > Dag-Erling Smorgrav writes: > > : "M. Warner Losh" writes: > > : > In any event, sizeof(var) is the BSD way of saying that. > > : Not according to bde + a significant amount of source code. > > I think you are wrong. > > 7+ kloc (including OpenSSH, and some very old BSD code like > src/games/) say I'm not. That is a bug in 7+ kloc. Not so very old code like src/bin/ln (together with most of src/bin and large parts of src/{sbin,usr.bin,usr.sbin}) was obviously cleaned up to have a common style in 4.4BSD or earlier. Equally obviously, the cleanup didn't get as far as src/games. 
Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 12:24:17 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 772FF37B400; Mon, 15 Jul 2002 12:24:15 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3148B43E42; Mon, 15 Jul 2002 12:24:14 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.3/8.12.3) with ESMTP id g6FJNm1f008781; Mon, 15 Jul 2002 13:23:50 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 15 Jul 2002 13:23:23 -0600 (MDT) Message-Id: <20020715.132323.19489929.imp@bsdimp.com> To: keramida@FreeBSD.org Cc: bde@zeta.org.au, des@ofug.org, freebsd-audit@FreeBSD.org Subject: Re: bin/ln & WARNS=5 
From: "M. Warner Losh" In-Reply-To: <20020715182514.GC55859@hades.hell.gr> References: <20020715111436.GD50130@hades.hell.gr> <20020715.090420.83279095.imp@bsdimp.com> <20020715182514.GC55859@hades.hell.gr> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This looks good to me. I'd quibble over sizeof path vs sizeof(path), but that's not enough for you to necessarily change it :-). We've also used snprintf in preference to sprintf because the former is a failsafe interface, while the latter could do weird things if our checks are incorrect for some reason. The + 2 looks good to me, and I agree with it. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Jul 15 12:28:34 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 837F437B400; Mon, 15 Jul 2002 12:28:32 -0700 (PDT) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9D1B743E5E; Mon, 15 Jul 2002 12:28:31 -0700 (PDT) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.3/8.12.3) with ESMTP id g6FJSR1f008830; Mon, 15 Jul 2002 13:28:30 -0600 (MDT) (envelope-from imp@bsdimp.com) Date: Mon, 15 Jul 2002 13:28:02 -0600 (MDT) Message-Id: <20020715.132802.128242391.imp@bsdimp.com> To: bde@zeta.org.au Cc: des@ofug.org, keramida@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG Subject: Re: bin/ln & WARNS=5 
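The three ways of testing snprintf()'s return value that this thread compares, side by side, followed by a checked "dir/name" join in each of the two styles proposed. This is an added example, not part of any message in the thread and not code from ln.c; the function names and the 8-byte demo buffer are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Three ways to test snprintf()'s int result against the buffer size.
 * Each returns nonzero when the call must be treated as failed.
 */

/* Same effect as an implicit int-to-size_t conversion: -1 becomes huge. */
static int
fails_unsigned_compare(int ret, size_t bufsize)
{
	return ((size_t)ret >= bufsize);
}

/* Casting the size to int instead: a negative result slips through. */
static int
fails_int_cast_only(int ret, size_t bufsize)
{
	return (ret >= (int)bufsize);
}

/* Explicit form: negative is an error, >= bufsize is truncation. */
static int
fails_explicit(int ret, size_t bufsize)
{
	return (ret < 0 || (size_t)ret >= bufsize);
}

/*
 * Build "dir/name" in dst.  Returns 0 on success, or -1 with errno set
 * to ENAMETOOLONG when the result plus its NUL does not fit.
 */
static int
join_path(char *dst, size_t dstsize, const char *dir, const char *name)
{
	int len;

	len = snprintf(dst, dstsize, "%s/%s", dir, name);
	if (fails_explicit(len, dstsize)) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (0);
}

/*
 * Length pre-check variant: +2 covers the '/' and the terminating NUL.
 * snprintf() stays as the bounded writer behind the check, and its
 * result is still tested in case the check and the format ever diverge.
 */
static int
join_path_precheck(char *dst, size_t dstsize, const char *dir,
    const char *name)
{
	int len;

	if (strlen(dir) + strlen(name) + 2 > dstsize) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	len = snprintf(dst, dstsize, "%s/%s", dir, name);
	if (fails_explicit(len, dstsize)) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (0);
}

/* Constructed 8-byte buffer so the boundary is easy to hit. */
static char demo_buf[8];

int
main(void)
{
	/* A failing snprintf() (-1) under each of the three tests. */
	printf("unsigned compare flags -1: %d\n",
	    fails_unsigned_compare(-1, sizeof(demo_buf)));
	printf("int cast only flags -1:    %d\n",
	    fails_int_cast_only(-1, sizeof(demo_buf)));
	printf("explicit test flags -1:    %d\n",
	    fails_explicit(-1, sizeof(demo_buf)));

	/* "abc/def" is 7 characters plus NUL: fits exactly. */
	printf("join abc + def:  %d\n",
	    join_path(demo_buf, sizeof(demo_buf), "abc", "def"));
	/* "abc/defg" needs 9 bytes: rejected by both variants. */
	printf("join abc + defg: %d\n",
	    join_path(demo_buf, sizeof(demo_buf), "abc", "defg"));
	printf("precheck abc + defg: %d\n",
	    join_path_precheck(demo_buf, sizeof(demo_buf), "abc", "defg"));
	return (0);
}
```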
From: "M. Warner Losh"

In message: <20020716051814.Q41695-100000@gamplex.bde.org> Bruce Evans writes:
: That is a bug in 7+ kloc. Not so very old code like src/bin/ln (together
: with most of src/bin and large parts of src/{sbin,usr.bin,usr.sbin}
: was obviously cleaned up to have a common style in 4.4BSD or earlier.
: Equally obviously, the cleanup didn't get as far as src/games.

So would you agree with:

Index: style.9 =================================================================== RCS file: /cache/ncvs/src/share/man/man9/style.9,v retrieving revision 1.87 diff -u -r1.87 style.9 --- style.9 2 Jul 2002 01:39:35 -0000 1.87 +++ style.9 15 Jul 2002 18:15:58 -0000
@@ -520,6 +520,13 @@ Note that .Xr indent 1 does not understand this rule. +.Ic sizeof Ns 's +are written like function calls always. +The redundant parenthesis rules do not apply to +.Ic sizeof(var) +instances. +Some code in the tree does not follow the last part of this rule. +Do not change it gratuitously to do so. .Pp .Dv NULL is the preferred null pointer constant.

From owner-freebsd-audit Mon Jul 15 12:31: 7 2002
Date: Mon, 15 Jul 2002 22:30:48 +0300
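
Review bot: In the style.9 hunk above, the added sentences sit before the .Pp, so they run on in the same paragraph as "Note that indent(1) does not understand this rule", which is about a different rule; give them their own .Pp. "Written like function calls always" also overstates the point, since the hunk's own example sizeof(var) is about parenthesizing the operand, and "the last part of this rule" leaves the reader guessing which part is meant. Say that the operand of sizeof is always parenthesized, and name the exception for existing code explicitly.
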
From: Giorgos Keramidas
To: Bruce Evans
Cc: Dag-Erling Smorgrav, freebsd-audit@FreeBSD.org
Subject: Re: bin/ln & WARNS=5
Message-ID: <20020715193047.GE55859@hades.hell.gr>

On 2002-07-16 05:14 +0000, Bruce Evans wrote:
> On Mon, 15 Jul 2002, Giorgos Keramidas wrote:
> > const char *p; > > int ch, exists, first; > > char path[PATH_MAX]; > > + int pathlen;
>
> This unsorts the variables.

So pathlen should be with the rest of those `int's. Right.

> This takes more code than I like, but I guess something like it is required
> to be strictly correct. I prefer:
>
> pathlen = snprintf(path, sizeof(path), "%s/%s", source, p);
> if (pathlen < 0 || pathlen >= (int)sizeof(path))) {

Warren has suggested that we check first if the buffer space would be enough and then use snprintf() [as I understood from a later post]. I'm equally happy with both versions, and I would really like to cover all the possible snprintf() return values; both positive and negative. It's not very clear if snprintf() can return a negative value, and it is definitely possible as some have pointed out in C99. I prefer guarding against this case too, just in case.

So, we have now two versions of the diff to choose from. One that checks for the appropriate buffer size before snprintf() is called. I've changed sizeof to use () here, and sprintf/snprintf again.

%%%
Index: ln.c =================================================================== RCS file: /home/ncvs/src/bin/ln/ln.c,v retrieving revision 1.28 diff -u -r1.28 ln.c --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 +++ ln.c 15 Jul 2002 18:20:19 -0000 @@ -189,12 +189,12 @@ p = target; else ++p; - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= - sizeof(path)) { + if (strlen(source) + strlen(p) + 2 > sizeof(path)) { errno = ENAMETOOLONG; warn("%s", target); return (1); } + snprintf(path, sizeof(path), "%s/%s", source, p); source = path; }
%%%

And the second version is something that calls snprintf() anyway and then checks the result.

%%%
Index: ln.c =================================================================== RCS file: /home/ncvs/src/bin/ln/ln.c,v retrieving revision 1.28 diff -u -r1.28 ln.c --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 +++ ln.c 15 Jul 2002 19:28:52 -0000 @@ -161,7 +161,7 @@ { struct stat sb; const char *p; - int ch, exists, first; + int ch, exists, first, pathlen; char path[PATH_MAX]; if (!sflag) {
@@ -189,8 +189,8 @@ p = target; else ++p; - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= - sizeof(path)) { + pathlen = snprintf(path, sizeof path, "%s/%s", source, p); + if (pathlen < 0 || pathlen >= (int)sizeof(path)) { errno = ENAMETOOLONG; warn("%s", target); return (1);
%%%

Both versions compile cleanly with WARNS=5. Which one do we feel better like using?

- Giorgos

From owner-freebsd-audit Mon Jul 15 13:32:28 2002
To: Bruce Evans
Cc: "M. Warner Losh"
Subject: Re: bin/ln & WARNS=5
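
Review bot: In the first ln.c variant (the strlen() pre-check at @@ -189,12), the return value of the added snprintf() call is no longer looked at, so the only guard left is a hand-written length sum whose "+ 2" has to stay in step with the "%s/%s" format by convention. If either one drifts, a truncated path is assigned to source with no error reported. Keep a check on what snprintf() returns, or at least cast the call to (void) and comment why the pre-check makes it safe.
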
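
Review bot: In the second ln.c variant, the hunk at @@ -189,8 spells the operand "sizeof path" on the snprintf() line and "(int)sizeof(path)" on the next line; use one spelling, and the removed lines show the file already used sizeof(path). The pathlen < 0 branch also sets ENAMETOOLONG, which overwrites whatever errno snprintf() set for its own failure, so consider assigning ENAMETOOLONG only in the >= case. The (int) cast is fine for as long as path stays a PATH_MAX-sized array.
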
From: Dag-Erling Smorgrav
Date: 15 Jul 2002 22:32:23 +0200

Bruce Evans writes:
> On 15 Jul 2002, Dag-Erling Smorgrav wrote:
> > 7+ kloc (including OpenSSH, and some very old BSD code like
> > src/games/) say I'm not.
> That is a bug in 7+ kloc.

Umm, you told me yourself, when I asked you about this issue, that my interpretation was correct.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-audit Mon Jul 15 13:32:44 2002
Date: Tue, 16 Jul 2002 06:35:56 +1000 (EST)
From: Bruce Evans
To: "M. Warner Losh"
Cc: des@ofug.org
Subject: Re: bin/ln & WARNS=5
Message-ID: <20020716063117.G41957-100000@gamplex.bde.org>

On Mon, 15 Jul 2002, M. Warner Losh wrote:

> In message: <20020716051814.Q41695-100000@gamplex.bde.org>
> Bruce Evans writes:
> : That is a bug in 7+ kloc. Not so very old code like src/bin/ln (together
> : with most of src/bin and large parts of src/{sbin,usr.bin,usr.sbin}
> : was obviously cleaned up to have a common style in 4.4BSD or earlier.
> : Equally obviously, the cleanup didn't get as far as src/games.
>
> So would you agree with:
>
> Index: style.9 > =================================================================== > RCS file: /cache/ncvs/src/share/man/man9/style.9,v > retrieving revision 1.87 > diff -u -r1.87 style.9 > --- style.9 2 Jul 2002 01:39:35 -0000 1.87 > +++ style.9 15 Jul 2002 18:15:58 -0000
> @@ -520,6 +520,13 @@ > Note that > .Xr indent 1 > does not understand this rule. > +.Ic sizeof Ns 's > +are written like function calls always. > +The redundant parenthesis rules do not apply to > +.Ic sizeof(var) > +instances. > +Some code in the tree does not follow the last part of this rule. > +Do not change it gratuitously to do so. > .Pp > .Dv NULL > is the preferred null pointer constant.
>

OK. One of the many inconsistencies in style.9 was that it says that casts are "not followed by a space" (so "sizeof foo" is not permitted) and that parentheses must not be used "unless they are required for precedence or ..." (so "sizeof foo" is required).

Bruce

From owner-freebsd-audit Mon Jul 15 13:34:23 2002
Date: Mon, 15 Jul 2002 14:33:59 -0600 (MDT)
Message-Id: <20020715.143359.133959512.imp@bsdimp.com>
To: bde@zeta.org.au
Cc: des@ofug.org, keramida@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG
Subject: Re: bin/ln & WARNS=5
From: "M. Warner Losh"

In message: <20020716063117.G41957-100000@gamplex.bde.org> Bruce Evans writes:
: On Mon, 15 Jul 2002, M. Warner Losh wrote:
:
: > In message: <20020716051814.Q41695-100000@gamplex.bde.org>
: > Bruce Evans writes:
: > : That is a bug in 7+ kloc. Not so very old code like src/bin/ln (together
: > : with most of src/bin and large parts of src/{sbin,usr.bin,usr.sbin}
: > : was obviously cleaned up to have a common style in 4.4BSD or earlier.
: > : Equally obviously, the cleanup didn't get as far as src/games.
: >
: > So would you agree with:
: >
: > Index: style.9 : > =================================================================== : > RCS file: /cache/ncvs/src/share/man/man9/style.9,v : > retrieving revision 1.87 : > diff -u -r1.87 style.9 : > --- style.9 2 Jul 2002 01:39:35 -0000 1.87 : > +++ style.9 15 Jul 2002 18:15:58 -0000 :
> @@ -520,6 +520,13 @@ : > Note that : > .Xr indent 1 : > does not understand this rule. : > +.Ic sizeof Ns 's : > +are written like function calls always. : > +The redundant parenthesis rules do not apply to : > +.Ic sizeof(var) : > +instances. : > +Some code in the tree does not follow the last part of this rule. : > +Do not change it gratuitously to do so. : > .Pp : > .Dv NULL : > is the preferred null pointer constant.
: >
:
: OK. One of the many inconsistencies in style.9 was that it says that
: casts are "not followed by a space" (so "sizeof foo" is not permitted)
: and that parentheses must not be used "unless they are required for
: precedence or ..." (so "sizeof foo" is required).

That's what I'm trying to clear up here. Whenever we find one and make some kind of determination, I'd like to document it. This is my first cut at so doing. :-)

Warner

From owner-freebsd-audit Mon Jul 15 13:54:27 2002
Date: Tue, 16 Jul 2002 06:57:51 +1000 (EST)
From: Bruce Evans
To: Giorgos Keramidas
Cc: Dag-Erling Smorgrav
Subject: Re: bin/ln & WARNS=5
Message-ID: <20020716063636.R41957-100000@gamplex.bde.org>

On Mon, 15 Jul 2002, Giorgos Keramidas wrote:

> Warren has suggested that we check first if the buffer space would be
> enough and then use snprintf() [as I understood from a later post].

Hi Warren ;-). I prefer the version using snprintf() because it does the overflow checks correctly.

> It's not very clear if snprintf() can return a negative value, and it
> is definitely possible as some have pointed out in C99. I prefer
> guarding against this case too, just in case.

POSIX.1-2001 says some more about this and adds some bugs, at least in the draft7 version. It specifies setting errno to EOVERFLOW and requires snprintf(NULL, SIZE_MAX, "") to fail gratuitously if SIZE_MAX > INT_MAX. FreeBSD's snprintf() only fails due to overflow errors if the infinite-precision result would be larger than INT_MAX. This can easily happen for silly cases like snprintf(NULL, 0, "%*sX", INT_MAX, "") or even for snprintf(path, sizeof(path), "%s/%s", source, p); where strlen(source) + 1 + strlen(p) in infinite precision is larger than INT_MAX. Some of the strings in ln.c are from argv, so only non-astonishing limits on ARG_MAX prevent users providing strings that would cause overflow.

> So, we have now two versions of the diff to choose from. One that
> checks for the appropriate buffer size before snprintf() is called.
> I've changed sizeof to use () here, and sprintf/snprintf again.
>
> %%%
> Index: ln.c > =================================================================== > RCS file: /home/ncvs/src/bin/ln/ln.c,v > retrieving revision 1.28 > diff -u -r1.28 ln.c > --- ln.c 30 Jun 2002 05:13:54 -0000 1.28 > +++ ln.c 15 Jul 2002 18:20:19 -0000 > @@ -189,12 +189,12 @@ > p = target; > else > ++p; > - if (snprintf(path, sizeof(path), "%s/%s", source, p) >= > - sizeof(path)) { > + if (strlen(source) + strlen(p) + 2 > sizeof(path)) {
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This expression may overflow (twice). Most code doesn't worry about such overflows, but snprintf() avoids this overflow so I think we should depend on snprintf()'s checking and not roll our own broken version.

> errno = ENAMETOOLONG; > warn("%s", target); > return (1); > } > + snprintf(path, sizeof(path), "%s/%s", source, p); > source = path; > }
>
> %%%
>
> And the second version is something that calls snprintf() anyway and
> then checks the result.

I prefer this, except it has a new style bug (`sizeof(path)' -> `sizeof path' in 1 place).

Bruce

From owner-freebsd-audit Mon Jul 15 17:54: 4 2002
Date: Tue, 16 Jul 2002 10:57:24 +1000 (EST)
From: Bruce Evans
To: Dag-Erling Smorgrav
Cc: "M. Warner Losh"
Subject: Re: bin/ln & WARNS=5
Message-ID: <20020716105507.D42629-100000@gamplex.bde.org>

On 15 Jul 2002, Dag-Erling Smorgrav wrote:

> Bruce Evans writes:
> > On 15 Jul 2002, Dag-Erling Smorgrav wrote:
> > > 7+ kloc (including OpenSSH, and some very old BSD code like
> > > src/games/) say I'm not.
> > That is a bug in 7+ kloc.
>
> Umm, you told me yourself, when I asked you about this issue, that my
> interpretation was correct.

I must have miscommunicated this, or maybe you asked many years ago before I changed my mind about this. I have always preferred "sizeof object", but it is not what most KNF sources actually do.

Bruce

From owner-freebsd-audit Tue Jul 16 4:41:10 2002
Message-Id: <200207161138.g6GBcguH031715@grimreaper.grondar.org>
To: "M. Warner Losh"
Cc: freebsd-audit@FreeBSD.ORG
Subject: Re: bin/ln & WARNS=5
Date: Tue, 16 Jul 2002 12:38:42 +0100
From: Mark Murray

> So would you agree with:
>
> Index: style.9 > =================================================================== > RCS file: /cache/ncvs/src/share/man/man9/style.9,v > retrieving revision 1.87 > diff -u -r1.87 style.9 > --- style.9 2 Jul 2002 01:39:35 -0000 1.87 > +++ style.9 15 Jul 2002 18:15:58 -0000
> @@ -520,6 +520,13 @@ > Note that > .Xr indent 1 > does not understand this rule. > +.Ic sizeof Ns 's > +are written like function calls always.

"are written like function calls."

> +The redundant parenthesis rules do not apply to > +.Ic sizeof(var) > +instances.

" ... by BSD convention.".

> +Some code in the tree does not follow the last part of this rule. > +Do not change it gratuitously to do so.

Why not? We gratuitously remove register. The above is a rule with no reason.

M
--
o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn

From owner-freebsd-audit Tue Jul 16 15:23:39 2002
Date: Wed, 17 Jul 2002 08:26:34 +1000 (EST)
From: Bruce Evans
To: Mark Murray
Cc: "M. Warner Losh"
Subject: Re: bin/ln & WARNS=5
Message-ID: <20020717081218.N2535-100000@gamplex.bde.org>

On Tue, 16 Jul 2002, Mark Murray wrote:

> > So would you agree with:
> >
> > Index: style.9 > > =================================================================== > > RCS file: /cache/ncvs/src/share/man/man9/style.9,v > > retrieving revision 1.87 > > diff -u -r1.87 style.9 > > --- style.9 2 Jul 2002 01:39:35 -0000 1.87 > > +++ style.9 15 Jul 2002 18:15:58 -0000
> > @@ -520,6 +520,13 @@ > > Note that > > .Xr indent 1 > > does not understand this rule. > > +.Ic sizeof Ns 's > > +are written like function calls always.
>
> "are written like function calls."

Oops, I agreed too fast :-). sizeof's are NOT written like function calls always. "sizeof(struct foo)" is not written like a function call. The rule should be something like "The argument of a sizeof is parenthesized whether or not the parentheses are required for syntactical reasons".

> > +The redundant parenthesis rules do not apply to > > +.Ic sizeof(var) > > +instances.
>
> " ... by BSD convention.".

This goes without saying (and doesn't need to be said). The whole file is about conventions.

> > +Some code in the tree does not follow the last part of this rule. > > +Do not change it gratuitously to do so.
>
> Why not? We gratuitously remove register. The above is a rule with
> no reason.

Because it gives myriads of gratuitous changes. There should be a rule about not gratuitously removing register too. Actually, we already have one near the end of the file:

% Stylistic changes (including whitespace changes) are hard on the source
% repository and are to be avoided without good reason.

My version of style.9 also has this meta-rule near the start of the file:

% /*
% * Internal consistency (per-file) has precedence over these rules.
% */
% .Ed
% .\" Most files are not internally consistent, so these rules usually
% .\" apply :-).

Bruce

From owner-freebsd-audit Tue Jul 16 18:21:58 2002
To: thomas@cuivre.fr.eu.org
Cc: audit@freebsd.org
Subject: Re: lock(1) -v (was: VT_LOCKSWITCH)
Date: Wed, 17 Jul 2002 01:21:54 +0000
From: Dima Dorfman
Message-Id: <20020717012154.CC5783E22@turbine.trit.org>

Thomas Quinot wrote:
> On 2002-07-15, Dima Dorfman wrote:
>
> > Anybody care to review this patch? I'd rather not commit unreviewed
> > changes to a setuid root program.
>
> I think we'd be safer with an explicit initialization of vtyunlock.

Where, why, and to what do you think it should be initialized? It's safe to assume that global variables will be initialized to 0, and it isn't used anywhere (except in tests) unless it's set to 0x2 when we lock the screen.

Thanks,

Dima.

From owner-freebsd-audit Wed Jul 17 2:16: 1 2002
Message-Id: <200207170915.g6H9F2uH037129@grimreaper.grondar.org>
To: Bruce Evans
Cc: freebsd-audit@FreeBSD.ORG
Subject: Re: bin/ln & WARNS=5
Date: Wed, 17 Jul 2002 10:15:02 +0100
From: Mark Murray

> > > +Some code in the tree does not follow the last part of this rule. > > > +Do not change it gratuitously to do so.
> >
> > Why not? We gratuitously remove register. The above is a rule with
> > no reason.
>
> Because it gives myriads of gratuitous changes. There should be a rule
> about not gratuitously removing register too. Actually, we already have
> one near the end of the file:
>
> % Stylistic changes (including whitespace changes) are hard on the source
> % repository and are to be avoided without good reason.

This then comes down to what is defined as "good reason". I believe that cleaning up code, fixing warnings and generally modernising ugly code is good reason.

> My version of style.9 also has this meta-rule near the start of the file:
>
> % /*
> % * Internal consistency (per-file) has precedence over these rules.
> % */
> % .Ed
> % .\" Most files are not internally consistent, so these rules usually
> % .\" apply :-).

Sort of. Take a look at some very old Sun code - rpcgen is a good one. It suffers from a bad case of int-itis (everything fits into an int or defaults to an int).

Maintaining stagnant code for purely repo bloat reasons is a dumb rule, I think. The SCM system is to allow forward movement, not to hold us back.

In patchkit days, such changes would have been insane. Now we have the tools, and constructing reasons not to use them is to lose the plot.

M
--
o Mark Murray \_ O.\_ Warning: this .sig is umop ap!sdn
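
The two ways of guarding the "%s/%s" join that the ln.c part of this thread weighs (checking what snprintf() returns, or summing strlen() results beforehand) are sketched below as an added example; it is not code from ln.c or from any poster, and join_path() and the *_rejects() helpers are hypothetical names. It also shows the wraparound behind the "may overflow" remark on the pre-check, using raw lengths in place of real strings.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from ln.c): build "dir/name" in dst.
 * Returns 0 on success, -1 with errno = ENAMETOOLONG if the result does
 * not fit, -1 with snprintf()'s own errno if formatting itself failed.
 */
static int
join_path(char *dst, size_t dstsz, const char *dir, const char *name)
{
	int len;

	if (dstsz == 0 || dstsz > INT_MAX) {
		errno = EINVAL;
		return (-1);
	}
	len = snprintf(dst, dstsz, "%s/%s", dir, name);
	if (len < 0)
		return (-1);		/* output/overflow error: keep errno */
	if (len >= (int)dstsz) {	/* cast is safe: dstsz <= INT_MAX */
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (0);
}

/*
 * The (size_t) cast from the first patch in the thread: a negative return
 * converts to a huge unsigned value, so it is rejected, but only as a side
 * effect of the conversion and with no way to tell it from truncation.
 */
static int
cast_compare_rejects(int ret, size_t bufsz)
{
	return ((size_t)ret >= bufsz);
}

/*
 * The strlen() pre-check, taking raw lengths so that the wraparound can be
 * shown without building strings that large.
 */
static int
naive_precheck_rejects(size_t srclen, size_t plen, size_t bufsz)
{
	return (srclen + plen + 2 > bufsz);
}

/* The same test rearranged so that no addition can wrap. */
static int
safe_precheck_rejects(size_t srclen, size_t plen, size_t bufsz)
{
	if (bufsz < 2 || srclen > bufsz - 2)
		return (1);
	return (plen > bufsz - 2 - srclen);
}

int
main(void)
{
	char path[16];		/* constructed, deliberately small buffer */
	int rc;

	rc = join_path(path, sizeof(path), "/tmp", "link");
	printf("fits: rc=%d path=%s\n", rc, path);
	rc = join_path(path, sizeof(path), "/usr/local/share", "link");
	printf("too long: rc=%d (%s)\n", rc, strerror(errno));
	printf("cast on -1 rejects: %d\n",
	    cast_compare_rejects(-1, sizeof(path)));
	printf("naive pre-check on wrapped sum rejects: %d\n",
	    naive_precheck_rejects(SIZE_MAX, 0, sizeof(path)));
	printf("safe pre-check on same lengths rejects: %d\n",
	    safe_precheck_rejects(SIZE_MAX, 0, sizeof(path)));
	return (0);
}
```
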