Subject: Re: buffer overflows in libsa
To: Roland Illig <>
From: Bill Studenmund <>
List: tech-kern
Date: 08/22/2005 15:10:44

On Mon, Aug 22, 2005 at 07:44:45PM +0200, Roland Illig wrote:
> Hi all,
> the stand-alone library still contains two functions with buffer
> overflows, namely gets() and getpass(). To fix that, I have written the
> appended patch. The new feature it requests is that the
> (architecture-dependent) putchar() function can handle '\a' and either
> beeps or ignores it completely.

I don't think that changing gets() is the right thing to do. gets() is
documented to be a dangerous call, so "fixing" it to not be dangerous
seems backwards. Also, while libsa is a different environment from
userland's libc, I think we should try to keep calls with the same name in

I think a much cleaner approach is to get rid of gets() and change ALL
callers (note, that means checking the boot loaders for all of our
platforms!) to use fgets().

I wouldn't object to you coming up with a getsn() or some such that took a
buffer length and assumed standard in. Or getsl().

getpass() should already be ok. It specifically only accepts _PASSWORD_LEN
characters (which is 128 in libc/userland).

Take care,
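
A sketch of the length-taking getsn() suggested in the message above, as an added example that is not part of the original message or of libsa. The signature, `struct src`, `src_getc()` and `read_line()` are hypothetical; the constructed string source stands in for the console input a real getsn() would assume.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed input source standing in for the console getchar(). */
struct src { const char *p; };

static int src_getc(struct src *s)
{
    return *s->p ? (unsigned char)*s->p++ : -1;  /* -1: input exhausted */
}

/*
 * Hypothetical getsn(): store at most size - 1 characters plus a NUL.
 * Backspace/DEL erase the last stored character. Characters that do not
 * fit are dropped, but the line is consumed up to its terminator.
 * Returns the number of characters stored, or -1 for an unusable buffer.
 */
static int getsn(struct src *in, char *buf, size_t size)
{
    size_t n = 0;
    int c;
    if (buf == NULL || size == 0)
        return -1;
    while ((c = src_getc(in)) != -1 && c != '\n' && c != '\r') {
        if (c == '\b' || c == 0x7f) {
            if (n > 0)
                n--;
        } else if (n < size - 1) {
            buf[n++] = (char)c;
        }
    }
    buf[n] = '\0';
    return (int)n;
}

/* Run getsn() over a constructed input string. */
static int read_line(const char *input, char *buf, size_t size)
{
    struct src in = { input };
    return getsn(&in, buf, size);
}

int main(void)
{
    char cmd[8];
    int n = read_line("boot netbsd -s\n", cmd, sizeof cmd);
    printf("%d \"%s\"\n", n, cmd);
    return 0;
}
```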

