From mboxrd@z Thu Jan 1 00:00:00 1970 References: <03dd9a6798effc7cf713d579f6bbc0e6@isd.dp.ua> <636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com> <6b9a2d8b5b0dcba57658809a76c2c89f@brasstown.quanstro.net> From: Don Bailey Content-Type: text/plain; charset=utf-8 In-Reply-To: <6b9a2d8b5b0dcba57658809a76c2c89f@brasstown.quanstro.net> Message-Id: <05BFA886-F720-4783-BC80-56B01AF7A101@gmail.com> Date: Wed, 5 Jun 2013 07:40:02 -0600 To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (1.0) Subject: Re: [9fans] lpdaemon Topicbox-Message-UUID: 63b39c2a-ead8-11e9-9d60-3106f5b1d025 Not exactly. But, functionally close enough.=20 I skipped commenting on strncpy to ignore the plethora of issues with lpd an= d focus on the question at hand. D On Jun 5, 2013, at 7:20 AM, erik quanstrom wrote: > On Wed Jun 5 09:15:11 EDT 2013, don.bailey@gmail.com wrote: >> The first opportunity to write a nil byte should always be taken. >> Using sizeof only means that in corner cases memory disclosure may >> occur between where the nil should be and the end of the array. While >> this isn't a security critical app, it is still good coding practice. >>=20 >> x =3D strlen(info.host) < sizeof info.host ? strlen() : sizeof ; >> info.host[x] =3D 0; >=20 > let's start at the beginning. strncpy is not good coding practice. > and lpdaemon is not well written by today's standards. =E2=98=BA >=20 > however, unless i'm missing something, the code has exactly that. >=20 > /sys/src/cmd/lp/lpdaemon.c:297,310 > case 'H': > if (ap[1] =3D=3D '\0') > strncpy(info.host, "unknown", NAMELEN); > else > strncpy(info.host, (const char *)&ap[1], NAMELEN); > info.host[NAMELEN] =3D '\0'; > break; > case 'P': > if (ap[1] =3D=3D '\0') > strncpy(info.user, "unknown", NAMELEN); > else > strncpy(info.user, (const char *)&ap[1], NAMELEN); > info.user[NAMELEN] =3D '\0'; > break; >=20 > - erik >=20