Date: Mon, 11 Dec 2000 18:59:41 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: kris@citusc.usc.edu
Cc: Dag-Erling Smorgrav <des@ofug.org>, arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel
Message-ID: <200012120259.eBC2xfb99004@earth.backplane.com>
References: <xzpsnnuq1hy.fsf@flood.ping.uio.no> <20001211185610.A1741@citusc.usc.edu>

:On Mon, Dec 11, 2000 at 07:03:21PM +0100, Dag-Erling Smorgrav wrote:
:> I've implemented a set of functions for performing safe string
:> formatting in the kernel, based on an initial idea (and design) by
:> Poul-Henning. There's a patch up on freefall:
:
:I haven't reviewed this implementation, but introducing a secure
:string handling API into the kernel has my support as security
:officer. The current abuse of sprintf() in the kernel is really,
:really scary.
:
:Kris

    sprintf(), strcpy(), and strcat(). But why not just replace those
    functions with an snprintf() equivalent? I don't think we really need
    a dynamic string allocation mechanism in the kernel, there is virtually
    nowhere where it would actually be of any use.

    sprintf() -> snprintf(...)
    strcpy()  -> sn_strcpy(dst, src, sizeof_destination_buffer)
    strcat()  -> sn_strcat(dst, src, sizeof_destination_buffer)

						-Matt
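
An added sketch, not code from the message or from FreeBSD, of what the sn_strcpy()/sn_strcat() mapping above could look like. The message gives only the argument lists, so the strlcpy-style return value and truncation behaviour are assumptions, and build_path() is a hypothetical caller.

```c
#include <stddef.h>
#include <string.h>

/*
 * Assumed semantics (not specified in the message): never write more than
 * dstsize bytes, always NUL-terminate when dstsize > 0, and return the
 * length the full result would have had so callers can detect truncation.
 */
size_t
sn_strcpy(char *dst, const char *src, size_t dstsize)
{
	size_t srclen = strlen(src);

	if (dstsize > 0) {
		size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return (srclen);
}

size_t
sn_strcat(char *dst, const char *src, size_t dstsize)
{
	size_t dstlen = 0;

	/* Bounded scan: dst may not be terminated within dstsize. */
	while (dstlen < dstsize && dst[dstlen] != '\0')
		dstlen++;
	if (dstlen == dstsize)	/* no terminator found: leave dst untouched */
		return (dstsize + strlen(src));
	return (dstlen + sn_strcpy(dst + dstlen, src, dstsize - dstlen));
}

/* Hypothetical caller: build "<dir>/<name>" in a fixed buffer, 0 on success. */
int
build_path(char *buf, size_t bufsize, const char *dir, const char *name)
{
	if (sn_strcpy(buf, dir, bufsize) >= bufsize ||
	    sn_strcat(buf, "/", bufsize) >= bufsize ||
	    sn_strcat(buf, name, bufsize) >= bufsize)
		return (-1);	/* truncated: caller must not use buf as a path */
	return (0);
}
```

A return value greater than or equal to the buffer size signals truncation, which is the check a plain strcpy()/strcat() call site has no way to make.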