From: Johan Herland <johan@herland.net>
To: git@vger.kernel.org
Cc: Junio C Hamano <gitster@pobox.com>,
Reece Dunn <msclrhd@googlemail.com>, Timo Sirainen <tss@iki.fi>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: Buffer overflows
Date: Sun, 02 Sep 2007 15:42:30 +0200
Message-ID: <200709021542.31100.johan@herland.net>
In-Reply-To: <7vtzqg7jrn.fsf@gitster.siamese.dyndns.org>
On Friday 31 August 2007, Junio C Hamano wrote:
> It is a well and widely understood idiom to use strlcpy to a
> fixed-sized buffer and checking the resulting length to make
> sure the result would not have overflowed (and if it would have,
> issue an error and die). I would not have anything against a
> set of patches to follow such a pattern.
>
> But a patch to add a non-standard API that nobody else uses,
> without any patch to show the changes to a few places that could
> use the API to demonstrate that the use of API vastly cleans the
> code up and makes it infinitely harder to make mistakes?
>
> The API needs to justify itself to convince the people who need
> to learn and adjust to that the benefit far outweighs deviation
> from better known patterns, and I do not see that happening in
> Timo's patch.

So in general, git people seem to be saying that:

1. Yes, we agree that the C string library suX0rs badly.
2. There are more than 0 string manipulation bugs (e.g. buffer overflows) in
git. The number may be small or large, but I have yet to see anyone claim
it's _zero_.
3. Timo's patches (in their current form) are not the way to go, because of
non-standard API, implementation problems, whatever...

So why does the discussion end there? Lukas proposed an interesting
alternative in "The Better String Library" (
http://bstring.sourceforge.net/ ). Why has there been lots of bashing on
Timo's efforts, but no critique of bstring? I'd be very keen to know what
the git developers think of it. AFAICS, it seems to fulfill at least _some_
of the problems people find in Timo's patches. Specifically, it claims:

- High performance (better than the C string library)
- Simple usage

I'd also say it's probably more widely used than Timo's patches.

If the only response to Timo's highlighting of string manipulation problems
in git is for us to flame his patches and leave it at that, then I have no
choice but to agree with him that security does not seem to matter to
us.

...Johan
--
Johan Herland, <johan@herland.net>
www.herland.net
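The idiom Junio describes in the quoted text above (strlcpy into a fixed-size buffer, check the returned length, and die if the input would not have fit), written out as an added C example; this is not code from the thread or from git itself, and the names bounded_copy, copy_checked and copy_or_die are hypothetical. The strlcpy semantics are implemented locally rather than assuming the libc provides strlcpy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strlcpy-style copy (hypothetical name): copy at most size-1 bytes,
 * always NUL-terminate when size > 0, and return strlen(src) so the
 * caller can detect truncation by comparing the result against size.
 * Implemented locally because not every libc ships strlcpy. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
	size_t srclen = strlen(src);
	if (size) {
		size_t n = srclen < size - 1 ? srclen : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return srclen;
}

/* The check half of the idiom: returns 0 when src fit, -1 when it was
 * truncated. dst is NUL-terminated either way, but on -1 it must not be
 * used as if it held the full string. */
static int copy_checked(char *dst, const char *src, size_t size)
{
	return bounded_copy(dst, src, size) < size ? 0 : -1;
}

/* The "issue an error and die" half, for callers with no recovery path. */
static void copy_or_die(char *dst, const char *src, size_t size)
{
	if (copy_checked(dst, src, size) < 0) {
		fprintf(stderr, "fatal: input too long for %zu-byte buffer\n",
			size);
		exit(1);
	}
}

int main(void)
{
	char name[16];

	copy_or_die(name, "refs/heads/dev", sizeof(name));	/* fits */
	printf("%s\n", name);
	/* constructed over-long input: this call reports the error and exits */
	copy_or_die(name, "refs/heads/a-very-long-branch-name", sizeof(name));
	return 0;
}
```

Run as-is, the program prints the first (fitting) copy and then dies on the second instead of silently truncating it.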