From mboxrd@z Thu Jan 1 00:00:00 1970
From: erik quanstrom
Date: Wed, 5 Jun 2013 09:20:04 -0400
To: 9fans@9fans.net
Message-ID: <6b9a2d8b5b0dcba57658809a76c2c89f@brasstown.quanstro.net>
In-Reply-To: <636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com>
References: <03dd9a6798effc7cf713d579f6bbc0e6@isd.dp.ua> <636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [9fans] lpdaemon
Topicbox-Message-UUID: 63abca9a-ead8-11e9-9d60-3106f5b1d025

On Wed Jun 5 09:15:11 EDT 2013, don.bailey@gmail.com wrote:
> The first opportunity to write a nil byte should always be taken.
> Using sizeof only means that in corner cases memory disclosure may
> occur between where the nil should be and the end of the array. While
> this isn't a security critical app, it is still good coding practice.
>
> x = strlen(info.host) < sizeof info.host ? strlen() : sizeof ;
> info.host[x] = 0;

let's start at the beginning. strncpy is not good coding practice.
and lpdaemon is not well written by today's standards. ☺

however, unless i'm missing something, the code has exactly that.

/sys/src/cmd/lp/lpdaemon.c:297,310
		case 'H':
			if (ap[1] == '\0')
				strncpy(info.host, "unknown", NAMELEN);
			else
				strncpy(info.host, (const char *)&ap[1], NAMELEN);
			info.host[NAMELEN] = '\0';
			break;
		case 'P':
			if (ap[1] == '\0')
				strncpy(info.user, "unknown", NAMELEN);
			else
				strncpy(info.user, (const char *)&ap[1], NAMELEN);
			info.user[NAMELEN] = '\0';
			break;

- erik
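
An added example, not part of the original message and not lpdaemon's own code: it runs the strncpy-then-terminate pattern from the quoted lines, and an unpadded copy for contrast, against a field prefilled with a marker byte and counts what is left behind the terminator. The value of NAMELEN, the NAMELEN + 1 field size and all helper names are assumptions; the message does not show the declarations.

```c
#include <stdio.h>
#include <string.h>

#define NAMELEN 8	/* constructed value; the real constant is not shown in the message */

/* Assumption: the field holds NAMELEN+1 bytes, so index NAMELEN is in bounds. */
struct info { char host[NAMELEN + 1]; };

/* Pattern from the quoted lpdaemon lines: bounded copy, then terminate the last slot. */
static void set_strncpy(struct info *ip, const char *src)
{
	strncpy(ip->host, src, NAMELEN);
	ip->host[NAMELEN] = '\0';
}

/* Contrast: copy without padding, terminator written right after the data. */
static void set_memcpy(struct info *ip, const char *src)
{
	size_t x = strlen(src) < NAMELEN ? strlen(src) : NAMELEN;
	memcpy(ip->host, src, x);
	ip->host[x] = '\0';
}

/* Fill the field with 'S' (stand-in for old memory), run the copy, then count
 * the 'S' bytes that remain behind the terminator. */
static int stale_after(void (*set)(struct info *, const char *), const char *src)
{
	struct info in;
	int n = 0;
	memset(&in, 'S', sizeof in);
	set(&in, src);
	for (size_t i = strlen(in.host) + 1; i < sizeof in.host; i++)
		n += in.host[i] == 'S';
	return n;
}

/* Does strncpy on its own leave a NUL inside the first NAMELEN bytes? */
static int strncpy_alone_terminates(const char *src)
{
	char buf[NAMELEN + 1];
	memset(buf, 'S', sizeof buf);
	strncpy(buf, src, NAMELEN);
	return memchr(buf, '\0', NAMELEN) != NULL;
}

int main(void)
{
	printf("strncpy alone terminates, short: %d long: %d\n",
		strncpy_alone_terminates("ab"), strncpy_alone_terminates("averylonghostname"));
	printf("stale bytes, strncpy pattern: %d\n", stale_after(set_strncpy, "ab"));
	printf("stale bytes, unpadded copy:   %d\n", stale_after(set_memcpy, "ab"));
	return 0;
}
```
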