Re: getnameinfo extra len checking

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Mon, Jun 21, 2010 at 07:09:23PM +0300, Antti Kantee wrote:
> > 
> > I do not think so.  Why should we pander to broken code that doesn't
> > set sa_len?
> 
> What is the purpose of sa_len?  The value is a function of sa_family,
> is it not?

From one point of view, yes.  But remember, this is crappy object
"polymorphism" done in plain C.  You get to maintain a pile of macros
that map every sa_family to its expected size and then violate the
opacity of the sockaddr to check the family, figure out the expected
size, and proceed accordingly.  Ugh.

Or you can use sa_len as I assume
was expected, and treat opaque network addresses like opaque network
addresses: your program doesn't need to know what kind of address nor
how big that kind of address was intended to be; it's just "an address"
of size sa_len, and you don't poke at any other members of the
datastructure unless you actually _care_ what type it is.  I find that
much cleaner.

Also, of course, checking sa_len against sa_family is an explicit
abstraction violation which is genuinely useful for detecting that
some part of your program is passing around corrupt sockaddrs.  Don't
set sa_len, and you can't do that either.

Thor