From owner-freebsd-arch Mon Dec 11 19:01:30 2000
From owner-freebsd-arch@FreeBSD.ORG Mon Dec 11 19:01:28 2000
Return-Path:
Delivered-To: freebsd-arch@freebsd.org
Received: from earth.backplane.com (placeholder-dcat-1076843399.broadbandoffice.net [64.47.83.135]) by hub.freebsd.org (Postfix) with ESMTP id F002A37B400 for ; Mon, 11 Dec 2000 19:01:27 -0800 (PST)
Received: (from dillon@localhost) by earth.backplane.com (8.11.1/8.9.3) id eBC2xfb99004; Mon, 11 Dec 2000 18:59:41 -0800 (PST) (envelope-from dillon)
Date: Mon, 11 Dec 2000 18:59:41 -0800 (PST)
From: Matt Dillon
Message-Id: <200012120259.eBC2xfb99004@earth.backplane.com>
To: kris@citusc.usc.edu
Cc: Dag-Erling Smorgrav, arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel
References: <20001211185610.A1741@citusc.usc.edu>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:On Mon, Dec 11, 2000 at 07:03:21PM +0100, Dag-Erling Smorgrav wrote:
:> I've implemented a set of functions for performing safe string
:> formatting in the kernel, based on an initial idea (and design) by
:> Poul-Henning. There's a patch up on freefall:
:
:I haven't reviewed this implementation, but introducing a secure
:string handling API into the kernel has my support as security
:officer. The current abuse of sprintf() in the kernel is really,
:really scary.
:
:Kris

    sprintf(), strcpy(), and strcat().  But why not just replace those
    functions with an snprintf() equivalent?  I don't think we really
    need a dynamic string allocation mechanism in the kernel, there is
    virtually nowhere where it would actually be of any use.

    sprintf()   -> snprintf(...)
    strcpy()    -> sn_strcpy(dst, src, sizeof_destination_buffer)
    strcat()    -> sn_strcat(dst, src, sizeof_destination_buffer)

                                        -Matt
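The following is an added example, not code from this thread, from Dag-Erling's patch or from the FreeBSD tree: one way to write the size-bounded sn_strcpy()/sn_strcat() replacements Matt sketches above, together with a caller of the sort the thread is worried about (a fixed buffer filled by sprintf() and strcat()). The names sn_strcpy, sn_strcat, build_devname, check_bounded_helpers and bounded_len are assumptions made for the illustration; the semantics chosen are those of strlcpy()/strlcat(): the size argument is sizeof the destination, the destination is always NUL-terminated when the size is non-zero, and the return value is the length the untruncated string would have had, so a caller detects truncation by checking `ret >= size`.

```c
/*
 * Added example (not from the FreeBSD thread or kernel source): bounded
 * replacements for strcpy()/strcat() in the style Matt Dillon proposes,
 * with strlcpy()/strlcat() semantics. Names sn_strcpy, sn_strcat,
 * build_devname, check_bounded_helpers and bounded_len are assumptions.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of s, never reading past maxlen bytes (s may be unterminated). */
static size_t bounded_len(const char *s, size_t maxlen)
{
    size_t n = 0;

    while (n < maxlen && s[n] != '\0')
        n++;
    return n;
}

/* Copy src into dst[0..dstsize-1], always terminating; returns strlen(src). */
size_t sn_strcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;

        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;                      /* srclen >= dstsize: truncated */
}

/*
 * Append src to dst without writing past dst[dstsize-1]; returns the length
 * the concatenation would have had. A dst that is not terminated within
 * dstsize has no room for anything, so nothing is written and the result is
 * reported as truncated.
 */
size_t sn_strcat(char *dst, const char *src, size_t dstsize)
{
    size_t dstlen = bounded_len(dst, dstsize);

    if (dstlen == dstsize)
        return dstsize + strlen(src);
    return dstlen + sn_strcpy(dst + dstlen, src, dstsize - dstlen);
}

/*
 * The kind of caller the thread is about: a driver building a device name
 * into a fixed buffer. With sprintf()+strcat() a long driver name or suffix
 * runs off the end of buf; here every step is bounded and a result that does
 * not fit becomes an error (-1) instead of silently corrupted memory.
 */
int build_devname(char *buf, size_t bufsize, const char *driver, int unit,
                  const char *suffix)
{
    int n = snprintf(buf, bufsize, "%s%d", driver, unit);

    if (n < 0 || (size_t)n >= bufsize)  /* encoding error, or did not fit */
        return -1;
    if (sn_strcat(buf, suffix, bufsize) >= bufsize)
        return -1;
    return 0;
}

/* Exercises the edge cases; returns the number of checks that failed. */
int check_bounded_helpers(void)
{
    char b[8];
    int failed = 0;

    /* Exact fit: 7 characters plus the terminator fill all 8 bytes. */
    failed += !(sn_strcpy(b, "0123456", sizeof b) == 7 && strcmp(b, "0123456") == 0);
    /* Truncation: cut to 7 characters, still terminated, caller is told 10. */
    failed += !(sn_strcpy(b, "0123456789", sizeof b) == 10 && strcmp(b, "0123456") == 0);
    /* Append onto a full buffer: nothing fits, return value flags it. */
    failed += !(sn_strcat(b, "xy", sizeof b) == 9 && strcmp(b, "0123456") == 0);
    /* Normal append. */
    sn_strcpy(b, "ab", sizeof b);
    failed += !(sn_strcat(b, "cd", sizeof b) == 4 && strcmp(b, "abcd") == 0);
    /* Append that overflows: dst keeps what fits and stays terminated. */
    failed += !(sn_strcat(b, "efghij", sizeof b) == 10 && strcmp(b, "abcdefg") == 0);
    /* Unterminated dst: nothing written, reported as truncated. */
    memset(b, 'A', sizeof b);
    failed += !(sn_strcat(b, "z", sizeof b) == 9 && b[7] == 'A');
    /* Zero-sized destination: nothing written, length still reported. */
    failed += !(sn_strcpy(b, "hello", 0) == 5);
    return failed;
}

int main(void)
{
    char dev[16];

    printf("self-check failures: %d\n", check_bounded_helpers());
    if (build_devname(dev, sizeof dev, "ahc", 0, ".ctl") == 0)
        printf("built \"%s\"\n", dev);
    if (build_devname(dev, sizeof dev, "verylongdriver", 12, ".control") != 0)
        printf("refused a name that does not fit in %zu bytes\n", sizeof dev);
    return 0;
}
```

The size argument is deliberately the whole buffer rather than "space remaining", matching the sizeof_destination_buffer in Matt's sketch: the caller passes `sizeof dst` at every call and the helper recomputes the remaining room itself, which removes the arithmetic mistakes that make the remaining-space style of strncat() easy to misuse.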