Re: [9front] nupas auth: incompatibility and error messaging

Re: [9front] nupas auth: incompatibility and error messaging

[cinap_lenrek]

to be clear, this is like:

buf = ... usercontrolled string ...

print(buf); vs print("%s", buf);

the former allows you to crash the program.

--
cinap

Re: [9front] nupas auth: incompatibility and error messaging

[inkswinc]

On Wed, 22 Mar 2017 10:17:14 +0100, cinap_lenrek@felloff.net wrote:
> to be clear, this is like:
> 
> buf = ... usercontrolled string ...
> 
> print(buf); vs print("%s", buf);
> 
> the former allows you to crash the program.
> 
> --
> cinap

Ah, thanks. I'd always seen the latter style, but it never clicked
for me why it was done that way. Makes a lot of sense now... time
to grep through my programs and see all the other places I've made
this mistake.

- sam-d

Re: [9front] nupas auth: incompatibility and error messaging

[inkswinc]

On Wed, 22 Mar 2017 10:17:14 +0100, cinap_lenrek@felloff.net wrote:
> to be clear, this is like:
> 
> buf = ... usercontrolled string ...
> 
> print(buf); vs print("%s", buf);
> 
> the former allows you to crash the program.
> 
> --
> cinap

Ah, thanks. I'd always seen the latter style, but it never clicked
for me why it was done that way. Makes a lot of sense now... time
to grep through my programs and see all the other places I've made
this mistake.

- sam-d

Re: [9front] nupas auth: incompatibility and error messaging

[cinap_lenrek]

factstring is wrong.

auth_getuserpasswd() is itself a format function. so if username would contain
for example "%s" then auth_getuserpasswd() would try to read beyond its varargs list.

you really want to pass the constant format string to auth_getuserpasswd()
here and pass the username and servername in the varargs.

--
cinap

Re: [9front] nupas auth: incompatibility and error messaging

[inkswinc]

Yeah, I realized the failure to check the output of smprint shortly
after posting and have been kicking myself since.  I do like your way
better, but wasn't feeling that ambitious and figured I'd go for
something braindead (which I still managed to fuck up).  Thanks for
taking it up.

- sam-d

Re: [9front] nupas auth: incompatibility and error messaging

[Benjamin Purcell]

If no one objects to the change sam-d wants to make with switching
ddomain to farend, I'll apply the patch I posted soon.

-spew

Re: [9front] nupas auth: incompatibility and error messaging

[Benjamin Purcell]

At the very least you should check that the char* returned from
smprint is not nil.

But if this were me I would avoid the memory allocation entirely since
we can estimate a reasonable bound on the auth string. In that case I
like to use a static buf instead and print into it sequentially. That
way you also avoid an arguably ugly ternary expression and avoid
another memory allocation that is found below:
http://okturing.com/src/1190/body