Date: Wed, 27 Aug 2003 10:10:36 +0200 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: Alexander Leidinger <Alexander@Leidinger.net> Cc: Chris Knight <chris@e-easy.com.au> Subject: Re: SecFix for databases/firebird, please review Message-ID: <20030827081036.GL47959@garage.freebsd.pl> In-Reply-To: <20030818115928.20c1c570.Alexander@Leidinger.net> References: <20030817130114.2bfb3cf1.Alexander@Leidinger.net> <20030817133824.GA71246@madman.celabo.org> <20030818115928.20c1c570.Alexander@Leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--KsSkVHHhotaZRe1D Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 18, 2003 at 11:59:28AM +0200, Alexander Leidinger wrote: +> Thanks for the review. I've updated +> http://www.leidinger.net/FreeBSD/firebird-1.0.2-secfix.tar.bz2 (modulo +> Chris' work in progress). I'm looking forward to the next round. :-) IMHO there are still problems with strncat(3). If you use something like that: strncat(buf, string, sizeof(buf) - 1); why not just use: strncpy(buf, string, sizeof(buf) - 1); because correct form is: strncat(buf, string, sizeof(buf) - strlen(buf) - 1); There is also syntax error here: strncat (ib_prefix_msg_val, MAXPATHLEN, ib_prefix_msg); You also still don't add: buf[sizeof(buf) - 1] =3D '\0'; after all strncat(3)s. This was in first patch:) IMHO if you want to keep portability, just add some BSD-licensed strlcat(3) and strlcpy(3) implementations to firebird's code and use it, because strncat(3) is really fucked up. --=20 Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net --KsSkVHHhotaZRe1D Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBP0xnfD/PhmMH/Mf1AQFblwP/f0mPHHbFiO9eRmJm1sjxNdurH9p0zFCY gjQWrssTFCjhgYdfGWjFX/HGrloWavwPLNikCHUFmT/Z3FhEZBwHIs5BlkeMgtJu q1IG5OA8AvLg28pIeJpYl4WqJPAsxjfdqTaIV3izecTCu90ti273X/H40ket2F4I 2FbbXvQtOuw= =jzMA -----END PGP SIGNATURE----- --KsSkVHHhotaZRe1D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030827081036.GL47959>