Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Possible unsafe use of strncat in sbin/sysctl/sysctl.c



On Wed, Aug 24, 2011 at 11:28:16AM +0100, David Laight wrote:
> On Tue, Aug 23, 2011 at 11:23:55PM +0200, Jimmy Johansson wrote:
> > Hi,
> > 
> > I propose the following patch, as I think this is what the developer
> > intended anyway:
>  
> I'd try to find a way of avoiding repeated strlcat() - to avoid the
> repeated (effective) strlen() calls.
> 
> But yes, strncat() is especially broken.

I can appreciate that, if you do the effort to correct something you
might as well walk the extra mile and make further improvements.

As I said in the original post, I haven't yet actually tried to
understand the code yet, those strncat just popped out and looked odd
and I have a lot on my hands at the moment, work and girl friend
fighting for attention, but I might give another patch a shot when
things settle down, if nobody else beat me to it.

On another note, I have been running stable releases on my Desktop
machince for several years now and everything has just been working like
a charm, rock solid. I recently bought a new mother board and CPU due to
the old stuff breaking down. The new stuff doesn't boot NetBSD 5.x
(might be another report comming in), so I installed current.

When NetBSD 6.x comes out I might be getting back to a stable release, but
tinkering with current was kind of fun too. So the question is, do you
guys run current on your desktop machines and use that for development
or do you run current on another machine, or some other setup?

I mean, it looks like you can contribute quite a lot to the project by
only trying to compile current once in a while and reporting breaks, but
as I do developing and a bit of admin stuff at work I don't really fancy
having to reinstall my desktop machine several times a week because I
was brave enough to run current on it, and I believe that I would have
more to report if I also installed what I compile. But then again, there
seems to be quite a bit of people running current and maybe it isn't
often things break that hard?

Regards,

Jimmy
-- 
If you don't shoot the bearers of bad news, people will keep bringing it to you.


Home | Main Index | Thread Index | Old Index