From: "Charlie Gordon" <gmane@chqrlie.org>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH] security_20040618
Date: Sun, 20 Jun 2004 20:22:44 +0200 [thread overview]
Message-ID: <cb4kh5$e20$1@sea.gmane.org> (raw)
In-Reply-To: 20040619150514.GB1962@sentinelchicken.org
"Tim" <tim-qemu@sentinelchicken.org> wrote in message
news:20040619150514.GB1962@sentinelchicken.org...
> > > --- qemu-current/monitor.c 2004-06-16 20:49:59.000000000 -0700
> > > +++ qemu-dev/monitor.c 2004-06-17 22:12:49.000000000 -0700
> > > str = qemu_malloc(strlen(buf) + 1);
> > > - strcpy(str, buf);
> > > + pstrcpy(str, strlen(buf) + 1, buf);
> >
> > In my opinion, it already absolutely unnecessary correction.
> > There is in this place no problem.
>
> Yeah, you are probably right. I looked at that one on 3 seperate
> occasions before making the change, since I recognized that there are
> very few conditions where it could possibly be a problem, and come to
> think of it, this fix doesn't mitigate those conditions.
>
> That chunk of code makes me uncomfortable for other reasons though (does
> qemu_malloc() return NULL ever? could buf possibly be missing a
> trailing '\0' ever?) so I'll re-visit it again and see what makes the
> most sense. The pstrcpy isn't hurting anything though. Slightly slower
> copy, due to the length checking, but it isn't in a critical piece of
> code (monitor.c is just for the user interface command prompt, right?),
> so I also don't see a reason to remove it, esp if changes in the future
> open up the possibility of an overflow.
No, he is ABSOLUTELY right ! This patch is useless and confusing.
pstrcpy's second argument is the size of the buffer the first argument
points to, computing it a second time is error prone as it duplicates
qemu_malloc size argument calculation. Many modifications down the road,
these two lines may become sufficiently distant that a modification to one
will not be reflected in the other. Furthermore, it is completely innane to
require protection from buffer overflow in pstrcpy by passing the exact size
of the third argument ! It reminds me of an overtly cautious programmer I
met a few years ago who made sure 'strings were properly null terminated by
adding : str[strlen(str)] = '\0'; what a joke!
Thus I see no reason to ACCEPT such a patch, removing it a just a matter of
cleanliness.
Still there was a more constructive remark to make on the above code as it
would definitely be better written as
str = qemu_strdup(buf);
with obvious semantics for qemu_strdup.
Anyone to write such a patch and use qemu_strdup in other places as
appropriate ?
Charlie Gordon.
PS: I fully agree with Fabrice about strncpy, disbelievers should read `man
strncpy` carefully and learn.
next prev parent reply other threads:[~2004-06-20 18:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200406181841.i5IIfZQa019337@treas.simtreas.ru>
2004-06-19 7:33 ` [Qemu-devel] Errors compiling QEMU with Mingw Vladimir N. Oleynik
2004-06-19 7:37 ` [Qemu-devel] [PATCH] security_20040618 Vladimir N. Oleynik
2004-06-19 15:05 ` Tim
2004-06-20 18:22 ` Charlie Gordon [this message]
2004-06-20 19:26 ` [Qemu-devel] " Tim
2004-06-20 20:10 ` [Qemu-devel] " Charlie Gordon
2004-06-20 21:57 ` Tim
2004-06-21 8:50 ` OT: C Q/As, was Re: [Qemu-devel] security_20040618 Christof Petig
2004-06-21 10:21 ` [Qemu-devel] OT: C Q/As, was security_20040618 Charlie Gordon
2004-06-21 10:41 ` Christof Petig
2004-06-21 15:44 ` OT: C Q/As, was Re: [Qemu-devel] security_20040618 Michael Jennings
2004-06-22 9:57 ` [Qemu-devel] Re: completely OT: C Q/As, was security_20040618 Charlie Gordon
2004-06-22 10:49 ` Sander Nagtegaal
2004-06-22 12:37 ` [Qemu-devel] " Charlie Gordon
2004-06-22 15:38 ` [Qemu-devel] Re: completely OT: C Q/As Michael Jennings
2004-06-24 14:21 ` [Qemu-devel] Re: Re: completely OT: C Q/As : let's feed the troll Charlie Gordon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='cb4kh5$e20$1@sea.gmane.org' \
--to=gmane@chqrlie.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).