Date:      Wed, 27 Aug 2003 10:10:36 +0200
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        Alexander Leidinger <Alexander@Leidinger.net>
Cc:        Chris Knight <chris@e-easy.com.au>
Subject:   Re: SecFix for databases/firebird, please review
Message-ID:  <20030827081036.GL47959@garage.freebsd.pl>
In-Reply-To: <20030818115928.20c1c570.Alexander@Leidinger.net>
References:  <20030817130114.2bfb3cf1.Alexander@Leidinger.net> <20030817133824.GA71246@madman.celabo.org> <20030818115928.20c1c570.Alexander@Leidinger.net>

On Mon, Aug 18, 2003 at 11:59:28AM +0200, Alexander Leidinger wrote:
+> Thanks for the review. I've updated
+> http://www.leidinger.net/FreeBSD/firebird-1.0.2-secfix.tar.bz2 (modulo
+> Chris' work in progress). I'm looking forward to the next round. :-)

IMHO there are still problems with strncat(3).

If you use something like that:

	strncat(buf, string, sizeof(buf) - 1);

why not just use:

	strncpy(buf, string, sizeof(buf) - 1);

because the correct form is:

	strncat(buf, string, sizeof(buf) - strlen(buf) - 1);

There is also a syntax error here:

	strncat (ib_prefix_msg_val, MAXPATHLEN, ib_prefix_msg);

You also still don't add:

	buf[sizeof(buf) - 1] = '\0';

after all strncat(3)s.

This was in the first patch :)

IMHO if you want to keep portability, just add some BSD-licensed strlcat(3)
and strlcpy(3) implementations to firebird's code and use them, because
strncat(3) is really fucked up.

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
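
Added example, not part of the original message or of Firebird's code: the strncat(3) bound discussed above, worked through in C. `strncat_end` computes how many bytes each bound lets strncat touch without performing the overflow, `safe_strncat` wraps the correct form, and `bounded_cat` is a hypothetical strlcat-style helper written for this illustration (not the BSD implementation); the buffer size and strings are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of s, looking at no more than max bytes (standard C only). */
static size_t bounded_len(const char *s, size_t max)
{
    const char *nul = memchr(s, '\0', max);
    return nul ? (size_t)(nul - s) : max;
}

/* Bytes of the buffer that strncat(dst, src, n) touches: it appends
 * min(strlen(src), n) bytes and then always writes a terminating NUL. */
static size_t strncat_end(size_t dst_len, size_t src_len, size_t n)
{
    return dst_len + (src_len < n ? src_len : n) + 1;
}

/* The correct bound from the message, guarded against an unterminated
 * buffer. Returns 1 if src was truncated, 0 otherwise. */
static int safe_strncat(char *buf, size_t bufsize, const char *src)
{
    size_t used = bounded_len(buf, bufsize);
    if (used >= bufsize) return 1;     /* no room, not even for the NUL */
    strncat(buf, src, bufsize - used - 1);
    return strlen(src) > bufsize - used - 1;
}

/* strlcat-style helper (hypothetical name): size is the whole buffer;
 * a return value >= size means the result was truncated. */
static size_t bounded_cat(char *dst, const char *src, size_t size)
{
    size_t dlen = bounded_len(dst, size), slen = strlen(src);
    if (dlen == size) return size + slen;
    size_t n = slen < size - dlen - 1 ? slen : size - dlen - 1;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

int main(void)
{
    char buf[16] = "/usr/local/";      /* constructed sample values */
    const char *src = "firebird/bin";
    printf("sizeof(buf)-1 bound touches %zu of %zu bytes\n",
           strncat_end(strlen(buf), strlen(src), sizeof(buf) - 1), sizeof(buf));
    printf("truncated=%d buf=%s\n", safe_strncat(buf, sizeof(buf), src), buf);
    return 0;
}
```

With an 11-byte prefix already in a 16-byte buffer, the `sizeof(buf) - 1` bound lets strncat write 24 bytes, while the corrected bound stops exactly at the end of the buffer.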
