Subject: Re: buffer overflows in libsa
To: Roland Illig <rillig@NetBSD.org>
From: Bill Studenmund <firstname.lastname@example.org>
Date: 08/22/2005 15:10:44
Content-Type: text/plain; charset=us-ascii

On Mon, Aug 22, 2005 at 07:44:45PM +0200, Roland Illig wrote:
> Hi all,
> the stand-alone library still contains two functions with buffer
> overflows, namely gets() and getpass(). To fix that, I have written the
> appended patch. The new feature it requests is that the
> (architecture-dependent) putchar() function can handle '\a' and either
> beeps or ignores it completely.

I don't think that changing gets() is the right thing to do. gets() is
documented to be a dangerous call, so "fixing" it to not be dangerous
seems backwards. Also, while libsa is a different environment from
userland's libc, I think we should try to keep calls with the same name in

I think a much cleaner approach is to get rid of gets() and change ALL
callers (note, that means checking the boot loaders for all of our
platforms!) to use fgets().

I wouldn't object to you coming up with a getsn() or some such that took a
buffer length and assumed standard in. Or getsl().

getpass() should already be ok. It specifically only accepts _PASSWORD_LEN
characters (which is 128 in libc/userland).
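
A length-taking line reader of the kind suggested in the message above, as an added example (not code from this thread, the appended patch, or NetBSD's libsa). The getsn() signature, the sa_getchar()/sa_putchar()/sa_feed() console stand-ins and the sample keystrokes are constructed assumptions, as is the choice to send '\a' when the buffer is full.

```c
#include <stddef.h>

/* Constructed stand-ins for the console hooks a boot loader would supply. */
static const char *sa_input = "";	/* simulated keystrokes */
static char sa_output[128];		/* characters echoed so far */
static size_t sa_outlen;

void sa_feed(const char *keys)		/* load constructed sample input */
{
	sa_input = keys;
	sa_outlen = 0;
}
static int sa_getchar(void)
{
	/* End of the sample input is treated as the user pressing Enter. */
	return *sa_input ? (unsigned char)*sa_input++ : '\n';
}
static void sa_putchar(int c)
{
	if (sa_outlen < sizeof(sa_output) - 1)
		sa_output[sa_outlen++] = (char)c;
}

/* Hypothetical getsn(): store at most size-1 characters plus NUL in buf.
 * Returns the number of characters stored, or -1 if the buffer is unusable. */
int getsn(char *buf, size_t size)
{
	size_t len = 0;
	if (buf == NULL || size == 0)
		return -1;
	for (;;) {
		int c = sa_getchar();
		if (c == '\n' || c == '\r') {
			sa_putchar('\n');
			buf[len] = '\0';	/* len <= size-1, always in bounds */
			return (int)len;
		} else if (c == '\b' || c == 0x7f) {
			if (len > 0) {		/* erase one stored character */
				len--;
				sa_putchar('\b'); sa_putchar(' '); sa_putchar('\b');
			}
		} else if (len + 1 < size) {
			buf[len++] = (char)c;
			sa_putchar(c);
		} else {
			sa_putchar('\a');	/* full: drop the key, beep instead */
		}
	}
}
```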