From mboxrd@z Thu Jan  1 00:00:00 1970
References: <03dd9a6798effc7cf713d579f6bbc0e6@isd.dp.ua>
From: Don Bailey <don.bailey@gmail.com>
Content-Type: text/plain;
	charset=GB2312
In-Reply-To: <03dd9a6798effc7cf713d579f6bbc0e6@isd.dp.ua>
Message-Id: <636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com>
Date: Wed,  5 Jun 2013 07:13:25 -0600
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
Subject: Re: [9fans] lpdaemon
Topicbox-Message-UUID: 6392448a-ead8-11e9-9d60-3106f5b1d025

The first opportunity to write a nil byte should always be taken. Using size=
of only means that in corner cases memory disclosure may occur between where=
 the nil should be and the end of the array. While this isn't a security cri=
tical app, it is still good coding practice.

x =3D strlen(info.host) < sizeof info.host ? strlen() : sizeof ;
info.host[x] =3D 0;

D

On Jun 5, 2013, at 5:38 AM, yaroslav <yarikos@gmail.com> wrote:

> in /sys/src/cmd/lp/lpdaemon.c:297,310
>=20
> These
>            info.host[strlen(info.host)] =3D '\0';
>            =A1=AD
>            info.user[strlen(info.user)] =3D '\0';
>=20
> look nonsence as zeros are placed exactly where they already are.
> Should read as in following instead:
>=20
>            info.host[NAMELEN] =3D '\0';
>            =A1=AD
>            info.user[NAMELEN] =3D '\0';
>=20
> shoudn't it?
>=20
>=20