From owner-freebsd-audit@FreeBSD.ORG Wed Aug 27 01:09:13 2003
Date: Wed, 27 Aug 2003 10:10:36 +0200
From: Pawel Jakub Dawidek
To: Alexander Leidinger
Cc: ports@freebsd.org, audit@freebsd.org, Chris Knight
Subject: Re: SecFix for databases/firebird, please review
Message-ID: <20030827081036.GL47959@garage.freebsd.pl>

On Mon, Aug 18, 2003 at 11:59:28AM +0200, Alexander Leidinger wrote:
+> Thanks for the review. I've updated
+> http://www.leidinger.net/FreeBSD/firebird-1.0.2-secfix.tar.bz2 (modulo
+> Chris' work in progress). I'm looking forward to the next round. :-)

IMHO there are still problems with strncat(3).

If you use something like that:

	strncat(buf, string, sizeof(buf) - 1);

why not just use:

	strncpy(buf, string, sizeof(buf) - 1);

because correct form is:

	strncat(buf, string, sizeof(buf) - strlen(buf) - 1);

There is also syntax error here:

	strncat (ib_prefix_msg_val, MAXPATHLEN, ib_prefix_msg);

You also still don't add:

	buf[sizeof(buf) - 1] = '\0';

after all strncat(3)s.

This was in first patch:)

IMHO if you want to keep portability, just add some BSD-licensed strlcat(3)
and strlcpy(3) implementations to firebird's code and use it, because
strncat(3) is really fucked up.

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net

From owner-freebsd-audit@FreeBSD.ORG Wed Aug 27 02:16:05 2003
Date: Wed, 27 Aug 2003 11:17:33 +0200
From: Alexander Leidinger
To: Pawel Jakub Dawidek
Cc: ports@freebsd.org, audit@freebsd.org, Chris Knight
Subject: Re: SecFix for databases/firebird, please review
Message-Id: <20030827111733.23d7bb71.Alexander@Leidinger.net>
In-Reply-To: <20030827081036.GL47959@garage.freebsd.pl>

On Wed, 27 Aug 2003 10:10:36 +0200
Pawel Jakub Dawidek wrote:

> On Mon, Aug 18, 2003 at 11:59:28AM +0200, Alexander Leidinger wrote:
> +> Thanks for the review. I've updated
> +> http://www.leidinger.net/FreeBSD/firebird-1.0.2-secfix.tar.bz2 (modulo
> +> Chris' work in progress). I'm looking forward to the next round. :-)
>
> IMHO there are still problems with strncat(3).
>
> If you use something like that:
>
> 	strncat(buf, string, sizeof(buf) - 1);
>
> why not just use:
>
> 	strncpy(buf, string, sizeof(buf) - 1);

Because behavior of strncpy != behavior of strncat. And I want to preserve
as much as possible from the original code.

> because correct form is:
>
> 	strncat(buf, string, sizeof(buf) - strlen(buf) - 1);

Where did I miss this? Yes, I don't use strlen(destination), I use
strlen(previous_source) instead, but the result is the same.

> There is also syntax error here:
>
> 	strncat (ib_prefix_msg_val, MAXPATHLEN, ib_prefix_msg);

Oops. Fixed locally.

> You also still don't add:
>
> 	buf[sizeof(buf) - 1] = '\0';
>
> after all strncat(3)s.

Hmmm... yes, I see the problem...

> This was in first patch:)

It's the largest one...

> IMHO if you want to keep portability, just add some BSD-licensed strlcat(3)
> and strlcpy(3) implementations to firebird's code and use it, because
> strncat(3) is really fucked up.

Or just use strl* in the port and wait for firebird 1.5... Chris, what do
you think?

Bye,
Alexander.

-- 
   If Bill Gates had a dime for every time a Windows box crashed...
   ...Oh, wait a minute, he already does.

http://www.Leidinger.net    Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
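
The size-argument question debated in this thread, as an added example (not part of either message and not firebird code): the third argument of strncat(3) bounds the characters appended, not the destination buffer, so the code computes how many bytes each call form occupies and shows a bounded append that reports truncation the way strlcat(3) does. The helper names and the sample path strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes of the destination in use after strncat(dst, src, n): strncat appends
 * at most n characters of src and then always writes a terminating NUL. */
size_t strncat_end(size_t dst_len, size_t src_len, size_t n)
{
    return dst_len + (src_len < n ? src_len : n) + 1;
}

/* Hypothetical helper with strlcat(3) semantics (not firebird or libc code):
 * never writes past dst[dst_size - 1], always terminates, and returns the
 * length the untruncated result would have; >= dst_size means truncation. */
size_t bounded_cat(char *dst, size_t dst_size, const char *src)
{
    const char *nul = memchr(dst, '\0', dst_size);
    size_t dlen = nul ? (size_t)(nul - dst) : dst_size;
    size_t slen = strlen(src);

    if (dlen == dst_size)               /* dst unterminated: leave it alone */
        return dst_size + slen;
    size_t room = dst_size - dlen - 1;  /* same bound as the correct strncat */
    size_t ncopy = slen < room ? slen : room;
    memcpy(dst + dlen, src, ncopy);
    dst[dlen + ncopy] = '\0';
    return dlen + slen;
}

/* Constructed sample: a 16-byte buffer holding "/usr/local" (10 chars) gets
 * "/firebird/msg" (13 chars) appended. Returns 1 if truncation was detected. */
int demo(char *out, size_t out_size)
{
    char buf[16] = "/usr/local";
    size_t want = bounded_cat(buf, sizeof(buf), "/firebird/msg");

    out[0] = '\0';                      /* caller passes out_size >= 1 */
    bounded_cat(out, out_size, buf);    /* hand the result back */
    return want >= sizeof(buf);
}

int main(void)
{
    char shown[32];
    int cut = demo(shown, sizeof(shown));

    /* n = sizeof(buf) - 1 = 15 versus n = sizeof(buf) - strlen(buf) - 1 = 5 */
    printf("n=15: %zu bytes used of 16\n", strncat_end(10, 13, 15));
    printf("n=5:  %zu bytes used of 16\n", strncat_end(10, 13, 5));
    printf("bounded_cat: \"%s\" truncated=%d\n", shown, cut);
    return 0;
}
```
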