Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c

To: current-users%netbsd.org@localhost
Subject: Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c
From: Jimmy Johansson <jimmy+current%Update.UU.SE@localhost>
Date: Wed, 24 Aug 2011 16:08:40 +0200

On Wed, Aug 24, 2011 at 11:28:16AM +0100, David Laight wrote:
> On Tue, Aug 23, 2011 at 11:23:55PM +0200, Jimmy Johansson wrote:
> > Hi,
> > 
> > I propose the following patch, as I think this is what the developer
> > intended anyway:
>  
> I'd try to find a way of avoiding repeated strlcat() - to avoid the
> repeated (effective) strlen() calls.
> 
> But yes, strncat() is especially broken.

I can appreciate that, if you do the effort to correct something you
might as well walk the extra mile and make further improvements.

As I said in the original post, I haven't yet actually tried to
understand the code yet, those strncat just popped out and looked odd
and I have a lot on my hands at the moment, work and girl friend
fighting for attention, but I might give another patch a shot when
things settle down, if nobody else beat me to it.

On another note, I have been running stable releases on my Desktop
machince for several years now and everything has just been working like
a charm, rock solid. I recently bought a new mother board and CPU due to
the old stuff breaking down. The new stuff doesn't boot NetBSD 5.x
(might be another report comming in), so I installed current.

When NetBSD 6.x comes out I might be getting back to a stable release, but
tinkering with current was kind of fun too. So the question is, do you
guys run current on your desktop machines and use that for development
or do you run current on another machine, or some other setup?

I mean, it looks like you can contribute quite a lot to the project by
only trying to compile current once in a while and reporting breaks, but
as I do developing and a bit of admin stuff at work I don't really fancy
having to reinstall my desktop machine several times a week because I
was brave enough to run current on it, and I believe that I would have
more to report if I also installed what I compile. But then again, there
seems to be quite a bit of people running current and maybe it isn't
often things break that hard?

Regards,

Jimmy
-- 
If you don't shoot the bearers of bad news, people will keep bringing it to you.

Follow-Ups:
- Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c
  - From: Roland C. Dowdeswell

References:
- Possible unsafe use of strncat in sbin/sysctl/sysctl.c
  - From: Jimmy Johansson
- Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c
  - From: David Laight

Prev by Date: Re: C compiler cannot create executables
Next by Date: Re: using "(void)" casts to purposefully ignore return values
Previous by Thread: Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c
Next by Thread: Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c
Indexes:

Home | Main Index | Thread Index | Old Index