tech-pkg archive


Re: Theo chiming in on strlcpy



On Sun, Dec 22, 2013 at 08:18:06AM +0700, Robert Elz wrote:
> I think this came from a discussion on the nmh list - where the nmh
> developers were discussing what to do about openbsd's linker issuing
> warnings about uses of strcpy() in nmh.   So far, even though a few
> possible overflows were located - none of them are in places that are
> at all dangerous (only things like absurd configs in the system config
> file - defining the local domain name to be huge for example) could
> cause one of the so far detected "problems".   

Wow.

Okay, so you think some buffer overflows can be not dangerous? Well, I say
they're unpredictable (by nature), and a real security issue rarely comes
from one single issue.  It's generally a cascade of small problems.

> Not surprising really,
> nmh (and MH that preceded it) is quite old, most bugs that would ever
> occur in reality have probably occurred and been fixed by now...

Oh yeah.  It's never happened for bugs to survive dozens of years and cause
security issues down the line, hasn't it?


> data if it would previously have overflowed - which is not to say that
> strlcpy() cannot be used to avoid this, just that in that particular case,
> by people who in theory should know better, it wasn't) and instead he put in
> explicit checks (asserts) to verify that the strcpy() and strcat() were
> all safe - under the assumption that it was supposed to be correct already,
> and if not, it was a bug, and it was better for the software to crash so the
> bug can be fixed, than to continue with incorrect data.

What kind of asserts? If it's a use of assert(3), well, that one vanishes in
normal production builds, so it won't be any help when it actually matters...

Well, at least it prompted the NMH people to look at their code. Better than
nothing, I should guess.

Thank you, you just made my point much better than I could by myself.

I know I won't change your mind. I don't care to. You're too deeply entrenched
in your attitude. Nope, I'm more concerned about the undecided people.
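
The point above about assert(3) vanishing from production builds, shown as an added C example (not part of the original message and not nmh code). The names `assert_guard_evaluated`, `copy_checked` and `DOMAIN_MAX` are hypothetical, and the over-long domain name is constructed input.

```c
/* Added example; not code from nmh or from this thread. */
#define NDEBUG              /* what a release build passes as -DNDEBUG */
#include <assert.h>
#include <stdio.h>
#include <string.h>

#define DOMAIN_MAX 16       /* constructed size for the demo */

/* The pattern discussed above: assert(3) guards an unbounded copy.
 * Returns 1 if the length check was evaluated, 0 if it was compiled out. */
static int assert_guard_evaluated(const char *src)
{
    int evaluated = 0;
    assert((evaluated = 1) && strlen(src) < DOMAIN_MAX);
    (void)src;              /* strcpy(dst, src) would follow here, unchecked */
    return evaluated;
}

/* Hypothetical helper: bounded copy whose check survives NDEBUG.
 * Returns 0 on success, -1 if src was truncated or dst has no room. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return -1;
    if (n >= dstsize) {     /* keep dst NUL-terminated, report the truncation */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

#undef NDEBUG               /* <assert.h> may be re-included: restore a live */
#include <assert.h>         /* assert() for any code after this point */

int main(void)
{
    /* Constructed input: an absurdly long local domain name from a config. */
    const char *huge = "a-very-long-local-domain-name.example";
    char dst[DOMAIN_MAX];

    printf("assert guard evaluated: %d\n", assert_guard_evaluated(huge));
    if (copy_checked(dst, sizeof dst, huge) != 0)
        fprintf(stderr, "domain name too long, truncated copy rejected\n");
    return 0;
}
```

With `NDEBUG` defined the guard reports 0, meaning the length check never ran, while `copy_checked` still reports the truncation to its caller.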

