* Re: [9front] nupas auth: incompatibility and error messaging
@ 2017-03-22 3:16 inkswinc
0 siblings, 0 replies; 7+ messages in thread
From: inkswinc @ 2017-03-22 3:16 UTC (permalink / raw)
To: benjapurcell, 9front
Yeah, I realized the failure to check the output of smprint shortly
after posting and have been kicking myself since. I do like your way
better, but wasn't feeling that ambitious and figured I'd go for
something braindead (which I still managed to fuck up). Thanks for
taking it up.
- sam-d
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] nupas auth: incompatibility and error messaging
@ 2017-03-22 17:10 inkswinc
0 siblings, 0 replies; 7+ messages in thread
From: inkswinc @ 2017-03-22 17:10 UTC (permalink / raw)
To: cinap_lenrek, 9front
On Wed, 22 Mar 2017 10:17:14 +0100, cinap_lenrek@felloff.net wrote:
> to be clear, this is like:
>
> buf = ... usercontrolled string ...
>
> print(buf); vs print("%s", buf);
>
> the former allows you to crash the program.
>
> --
> cinap
Ah, thanks. I'd always seen the latter style, but it never clicked
for me why it was done that way. Makes a lot of sense now... time
to grep through my programs and see all the other places I've made
this mistake.
- sam-d
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] nupas auth: incompatibility and error messaging
@ 2017-03-22 17:09 inkswinc
0 siblings, 0 replies; 7+ messages in thread
From: inkswinc @ 2017-03-22 17:09 UTC (permalink / raw)
To: cinap_lenrek, 9front
On Wed, 22 Mar 2017 10:17:14 +0100, cinap_lenrek@felloff.net wrote:
> to be clear, this is like:
>
> buf = ... usercontrolled string ...
>
> print(buf); vs print("%s", buf);
>
> the former allows you to crash the program.
>
> --
> cinap
Ah, thanks. I'd always seen the latter style, but it never clicked
for me why it was done that way. Makes a lot of sense now... time
to grep through my programs and see all the other places I've made
this mistake.
- sam-d
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] nupas auth: incompatibility and error messaging
@ 2017-03-22 9:17 cinap_lenrek
0 siblings, 0 replies; 7+ messages in thread
From: cinap_lenrek @ 2017-03-22 9:17 UTC (permalink / raw)
To: 9front
to be clear, this is like:
buf = ... usercontrolled string ...
print(buf); vs print("%s", buf);
the former allows you to crash the program.
--
cinap
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] nupas auth: incompatibility and error messaging
@ 2017-03-22 9:15 cinap_lenrek
0 siblings, 0 replies; 7+ messages in thread
From: cinap_lenrek @ 2017-03-22 9:15 UTC (permalink / raw)
To: 9front
factstring is wrong.
auth_getuserpasswd() is itself a format function. so if username would contain
for example "%s" then auth_getuserpasswd() would try to read beyond its varargs list.
you really want to pass the constant format string to auth_getuserpasswd()
here and pass the username and servername in the varargs.
--
cinap
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] nupas auth: incompatibility and error messaging
2017-03-22 2:53 ` [9front] " Benjamin Purcell
@ 2017-03-22 2:58 ` Benjamin Purcell
0 siblings, 0 replies; 7+ messages in thread
From: Benjamin Purcell @ 2017-03-22 2:58 UTC (permalink / raw)
To: 9front
If no one objects to the change sam-d wants to make with switching
ddomain to farend, I'll apply the patch I posted soon.
-spew
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] nupas auth: incompatibility and error messaging
2017-03-22 0:02 inkswinc
@ 2017-03-22 2:53 ` Benjamin Purcell
2017-03-22 2:58 ` Benjamin Purcell
0 siblings, 1 reply; 7+ messages in thread
From: Benjamin Purcell @ 2017-03-22 2:53 UTC (permalink / raw)
To: 9front
At the very least you should check that the char* returned from
smprint is not nil.
But if this were me I would avoid the memory allocation entirely since
we can estimate a reasonable bound on the auth string. In that case I
like to use a static buf instead and print into it sequentially. That
way you also avoid an arguably ugly ternary expression and avoid
another memory allocation that is found below:
http://okturing.com/src/1190/body
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-03-22 22:33 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-22 3:16 [9front] nupas auth: incompatibility and error messaging inkswinc
-- strict thread matches above, loose matches on Subject: below --
2017-03-22 17:10 inkswinc
2017-03-22 17:09 inkswinc
2017-03-22 9:17 cinap_lenrek
2017-03-22 9:15 cinap_lenrek
2017-03-22 0:02 inkswinc
2017-03-22 2:53 ` [9front] " Benjamin Purcell
2017-03-22 2:58 ` Benjamin Purcell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).