Hylafax Developers Mailing List Archives
[hylafax-devel] Re: Supported Platforms/Security mods?
--------
Your message dated: Wed, 14 Jun 2000 13:17:27 +1000
>>Therefore, I really only spent time on ensuring that printing/copying
>>into char buffers is restricted to the bounds of that buffer (via
>>'snprintf()', 'vsnprintf()' and 'strlcpy()') ;-)
>
>Even if you just find and list the problems for someone else to fix, that would
>be helpful.
Sure. I pretty much took the view (about 80-odd times) that code like:
    int foo(char *arg)
    {
        char buf[NUMBER];
        ...
        sprintf(buf, fmt, arg);
        etc.
should get a diff that looks like:
-sprintf(buf, fmt, arg);
+snprintf(buf, sizeof(buf), fmt, arg);
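Review bot: the `sizeof(buf)` in the `+` line is only right where `buf` is an array declared in the enclosing scope, as in the `char buf[NUMBER]` sketch above; in a function that receives the destination as a `char *` parameter (the `int foo(char *arg)` shape), `sizeof` yields the pointer size, so the buffer length must be passed in explicitly instead. The substitution also leaves truncation silent: `snprintf()` returns the length the full output would have had, so a follow-up `if (n < 0 || n >= sizeof(buf))` check is needed where a cut-off path, phone number or command line would be a problem.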
which avoids actually having to trace down where 'arg' came from and work
out if it can be forced to overflow buf from external data (which is really
the main concern, of course).
I don't see that it would make the code run slower by any factor I'd
be concerned about, actually tidies up the logic in one or two places,
and can only make things more robust generally, I'd have thought.
Ideally, one would look very carefully at everything that read
external data from any source or took arguments, and consider all
possibilities at length. That would be nice, but I think the above
approach (with strlcpy as well) would go a long way towards closing off
holes to be exploited.
Comments would be welcomed, if anyone thinks I'm way off-base here.
>Basically the policy I was following till now was:
> - mkstemp() and tmpfile() are both ok.
> - tempnam(), tmpnam() and mktemp() should *not* be used.
>
>Perhaps what is needed is a wrapper function to create temporary files which
>chooses the best implementation, mkstemp() or tmpfile(), depending on the
>platform.
That would work, sure. It might involve a fair bit of work to set up
and keep up-to-date, though.
Might it not be simpler to provide a "known good" implementation of
mkstemp() and just use that? It looks pretty generic, and there's already
some BSD code in the port directory, I note ;-)
Cheers,
AS
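As an added illustration (my code, not HylaFAX's), here is the bounded-copy and bounded-format discipline the message describes, together with the truncation check that a bare sprintf() to snprintf() substitution leaves out. The helper names, the job-line format and the sample values are made up for the example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Example helpers written for this note; they are not HylaFAX code. */

/* Portable strlcpy()-style copy: writes at most dstsz-1 bytes plus a NUL
 * (when dstsz > 0) and returns strlen(src) so the caller can detect
 * truncation by comparing the result against dstsz. */
size_t bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsz > 0) {
        size_t n = srclen < dstsz - 1 ? srclen : dstsz - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* vsnprintf() wrapper: returns 1 if the whole output fit, 0 if it was
 * truncated or an encoding error occurred. Swapping sprintf() for
 * snprintf() bounds the write, but data is still dropped silently
 * unless the return value is checked like this. */
int bounded_format(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    return n >= 0 && (size_t)n < dstsz;
}

/* Models the pattern from the thread: a fixed-size buffer filled with
 * strings that arrived from outside. "job id" and "dial string" are
 * constructed field names, not HylaFAX's. Returns 1 on success, 0 if the
 * data would not fit (the buffer is still NUL-terminated either way). */
int build_job_line(char *out, size_t outsz, const char *jobid, const char *number)
{
    return bounded_format(out, outsz, "job %s dial %s", jobid, number);
}

int main(void)
{
    char line[32];
    char overlong[64];
    memset(overlong, 'A', sizeof overlong - 1);  /* constructed oversize input */
    overlong[sizeof overlong - 1] = '\0';
    printf("fits: %d\n", build_job_line(line, sizeof line, "42", "5551212"));
    printf("fits: %d (%s)\n", build_job_line(line, sizeof line, "42", overlong), line);
    return 0;
}
```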
____________________ HylaFAX(tm) Developers Mailing List ____________________
To unsub: mail -s unsubscribe hylafax-devel-request@hylafax.org < /dev/null