9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
From: Don Bailey <don.bailey@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] lpdaemon
Date: Wed,  5 Jun 2013 07:13:25 -0600	[thread overview]
Message-ID: <636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com> (raw)
In-Reply-To: <03dd9a6798effc7cf713d579f6bbc0e6@isd.dp.ua>

The first opportunity to write a nil byte should always be taken. Using sizeof only means that in corner cases memory disclosure may occur between where the nil should be and the end of the array. While this isn't a security critical app, it is still good coding practice.

x = strlen(info.host) < sizeof info.host ? strlen() : sizeof ;
info.host[x] = 0;

D

On Jun 5, 2013, at 5:38 AM, yaroslav <yarikos@gmail.com> wrote:

> in /sys/src/cmd/lp/lpdaemon.c:297,310
> 
> These
>            info.host[strlen(info.host)] = '\0';
>            …
>            info.user[strlen(info.user)] = '\0';
> 
> look nonsence as zeros are placed exactly where they already are.
> Should read as in following instead:
> 
>            info.host[NAMELEN] = '\0';
>            …
>            info.user[NAMELEN] = '\0';
> 
> shoudn't it?
> 
> 



  parent reply	other threads:[~2013-06-05 13:13 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-06-05 11:38 yaroslav
2013-06-05 13:06 ` erik quanstrom
2013-06-05 13:13 ` Don Bailey [this message]
2013-06-05 13:20   ` erik quanstrom
2013-06-05 13:40     ` Don Bailey
2013-06-05 13:38   ` Friedrich Psiorz
2013-06-05 13:54     ` Don Bailey
2013-06-05 14:09       ` erik quanstrom
2013-06-05 14:29         ` Don Bailey

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com \
    --to=don.bailey@gmail.com \
    --cc=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).