From: jamie.couture at gmail.com (Jamie Couture)
Subject: [PATCH] cgit: use strtol_i instead of atoi
Date: Wed, 13 May 2015 10:57:00 -0400 [thread overview]
Message-ID: <20150513145700.GA7679@neptune> (raw)
In-Reply-To: <20150513134556.GC10518@serenity.lan>
On Wed, May 13, 2015 at 02:45:56PM +0100, John Keeping wrote:
> On Wed, May 13, 2015 at 02:41:24PM +0100, John Keeping wrote:
> > On Wed, May 13, 2015 at 03:35:29PM +0200, Jason A. Donenfeld wrote:
> > > Anybody have any objections to this? In some cases it's slightly more
> > > verbose, but otherwise, I can't see any downsides.
> >
> > It's worse if there is trailing data. Since there's nothing obvious we
> > can do if the input is bad, I'm not sure how much we care (i.e. ignoring
> > the return value from strtol_i is OK) but whereas atoi will parse a
> > valid value followed by trailing garbage strtol_i will just fail.
> >
> > Worse than that, if it fails it leaves the result uninitialized, which
> > doesn't matter in the cases where we just update a variable, but at
> > least one part of this patch introduces a new variable that is not set
> > if strtol_i fails.
>
> Oops... I didn't double-check the patch before sending, it does always
> initialize the variables first so the only worry is trailing garbage.
>
> Of course, if atoi leads to SQL injection, what makes strtol safe? The
> test seems fundamentally useless; AFAICT the whole point is that if I
> parse some user input and use without validating it then I can end up
> doing something like:
>
> int num_items = <user input>;
> items = malloc(num_items * sizeof(*items));
>
> leading to integer overflow. But the mechanism used to convert the user
> input from a string to an integer is completely irrelevant.
Exactly.
I'm not familiar with the utility, but can nessus have exceptions to
a rule? In cgit's case, I don't see the use of atoi() as a problem
in this context.
next prev parent reply other threads:[~2015-05-13 14:57 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-13 13:21 ncopa
2015-05-13 13:35 ` Jason
2015-05-13 13:41 ` john
2015-05-13 13:45 ` john
2015-05-13 14:57 ` jamie.couture [this message]
2015-05-15 7:11 ` ncopa
2015-05-15 6:58 ` ncopa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150513145700.GA7679@neptune \
--to=cgit@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).