NetBSD-Bugs archive


kern/51200: gets considered harmful even in libsa



>Number:         51200
>Category:       kern
>Synopsis:       gets considered harmful even in libsa
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 31 04:15:00 +0000 2016
>Originator:     David A. Holland
>Release:        NetBSD 7.99.30 (20160531)
>Organization:
>Environment:
n/a
>Description:

There's a gets() in libsa, in its full traditional overflowable glory.
This is really probably not such a great idea today in the era of
console servers and such, but apart from that it also causes code
scanners to light up red.

Should change it to gets_sa or something that takes a bound as well as
a buffer pointer. Hard part is testing all the affected bootbollocks.

>How-To-Repeat:

code reading

>Fix:



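The bounded reader the PR asks for, sketched as an added example (not code from the PR or from NetBSD's libsa). The name `gets_bounded`, the read callback, and the erase/kill keys handled (backspace, DEL, ^U) are assumptions; input that does not fit is discarded instead of being written past the buffer, and the caller is told the line was truncated.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical interface: the PR only proposes "gets_sa or something". */
typedef int (*readc_fn)(void *ctx);     /* returns a byte, or -1 at end of input */
/* Store at most size-1 bytes plus NUL; return stored length, -1 on bad args. */
int gets_bounded(char *buf, size_t size, readc_fn readc, void *ctx, int *truncated)
{
	size_t len = 0, dropped = 0;    /* dropped: typed bytes that did not fit */
	int c;
	if (buf == NULL || size == 0 || readc == NULL)
		return -1;
	while ((c = readc(ctx)) >= 0 && c != '\n' && c != '\r') {
		if (c == '\b' || c == 0x7f) {           /* erase last typed byte */
			if (dropped > 0) dropped--; else if (len > 0) len--;
		} else if (c == ('u' & 037)) {          /* ^U: kill whole line */
			len = dropped = 0;
		} else if (len < size - 1) {
			buf[len++] = (char)c;
		} else {
			dropped++;                      /* over the bound: discard */
		}
	}
	buf[len] = '\0';
	if (truncated != NULL) *truncated = dropped > 0;
	return (int)len;
}

/* Constructed input source standing in for the console. */
static int str_getc(void *ctx)
{
	const char **p = ctx;
	return **p ? (unsigned char)*(*p)++ : -1;
}

int demo_truncated;                     /* set by demo_line() */
/* Read one line from a string with a bound of 8; NULL if the canary was hit. */
const char *demo_line(const char *input)
{
	static char buf[9];
	buf[8] = 'X';                   /* canary just past the bound */
	gets_bounded(buf, 8, str_getc, &input, &demo_truncated);
	return buf[8] == 'X' ? buf : NULL;
}

int main(void)
{
	printf("%s\n", demo_line("netbsd.gz\n"));       /* constructed input */
	return 0;
}
```

Tracking the discarded bytes separately keeps erase consistent with what was typed: backspacing over the part that did not fit does not eat into the stored prefix.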