Date: 12 Dec 2000 15:42:29 +0100
From: Dag-Erling Smorgrav <des@ofug.org>
To: assar@FreeBSD.ORG
Cc: Matt Dillon <dillon@earth.backplane.com>, kris@citusc.usc.edu, arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel
Message-ID: <xzpelzd66qy.fsf@flood.ping.uio.no>
In-Reply-To: assar@FreeBSD.ORG's message of "12 Dec 2000 05:32:48 +0100"
References: <xzpsnnuq1hy.fsf@flood.ping.uio.no> <20001211185610.A1741@citusc.usc.edu> <200012120259.eBC2xfb99004@earth.backplane.com> <5lhf4ap8cv.fsf@assaris.sics.se>
assar@FreeBSD.ORG writes:
> Matt Dillon <dillon@earth.backplane.com> writes:
> > strcpy() -> sn_strcpy(dst, src, sizeof_destination_buffer)
> > strcat() -> sn_strcat(dst, src, sizeof_destination_buffer)
> strlcpy and strlcat. Why keep the API different for no good reason?

Because there are other issues than just overflowing the buffer. There's the issue of truncation (a lot of code uses snprintf() etc. without checking if the resulting string was actually truncated, which may be a security risk of its own), and there's the issue of using large amounts of stack space for buffers (procfs and linprocfs are notorious offenders in both these areas, but they're not the only ones). Vulnerabilities were recently found in the procfs code which were successfully solved with snprintf(), but could have been (and hopefully will be) solved in a much more elegant and future-proof manner using sbufs.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
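The truncation point raised in the message above, as an added example that is not part of the thread or of FreeBSD's own code: strlcpy(), strlcat() and snprintf() all stop a buffer overflow, but each only *reports* truncation through its return value, and a caller that ignores that value gets a silently shortened string. The block below uses a local re-implementation named `my_strlcpy` (so it builds on a libc without strlcpy) and two hypothetical checked wrappers, `format_checked` and `append_checked`; the latter also guards the common `off += snprintf(buf + off, size - off, ...)` accumulation idiom, where an unchecked return value pushes `off` past `size` and makes `size - off` wrap around.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local re-implementation of the strlcpy() contract (example code, not libc's):
 * copy at most dsize-1 bytes, always NUL-terminate when dsize > 0, and return
 * strlen(src) so the caller can compare it against dsize to detect truncation. */
size_t my_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    if (dsize > 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hypothetical checked copy: returns 1 if src did not fit, 0 otherwise.
 * The check is the single comparison that unchecked callers leave out. */
int copy_checked(char *dst, size_t dsize, const char *src)
{
    return my_strlcpy(dst, src, dsize) >= dsize;
}

/* Hypothetical checked formatter for a "name: value" line. snprintf returns the
 * length the full output would have had, so a value >= dsize means the stored
 * string was cut short; a negative value is an encoding error. */
int format_checked(char *dst, size_t dsize, const char *name, long value)
{
    int n = snprintf(dst, dsize, "%s: %ld\n", name, value);
    return n < 0 || (size_t)n >= dsize;
}

/* Hypothetical checked append at *off, in the spirit of strlcat(): never writes
 * past size, never lets *off exceed size-1, and returns 1 once anything has
 * been dropped. Without the clamp, a truncated vsnprintf would advance *off
 * beyond size and the next call's size - *off would wrap to a huge length. */
int append_checked(char *buf, size_t size, size_t *off, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0 || *off >= size)
        return 1;               /* already full: nothing more can be stored */
    va_start(ap, fmt);
    n = vsnprintf(buf + *off, size - *off, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 1;
    if ((size_t)n >= size - *off) {
        *off = size - 1;        /* buffer now holds size-1 chars plus the NUL */
        return 1;
    }
    *off += (size_t)n;
    return 0;
}

int main(void)
{
    char line[8];               /* constructed, deliberately small buffer */
    char out[16];
    size_t off = 0;

    printf("copy truncated: %d (\"%s\")\n",
           copy_checked(line, sizeof line, "this is too long"), line);
    printf("format truncated: %d (\"%s\")\n",
           format_checked(line, sizeof line, "pid", 12345), line);
    append_checked(out, sizeof out, &off, "%s", "abc");
    append_checked(out, sizeof out, &off, "%d", 12345);
    printf("append truncated: %d (\"%s\", off=%zu)\n",
           append_checked(out, sizeof out, &off, "%s", "0123456789"), out, off);
    return 0;
}
```

Each wrapper's return value is the thing the message says callers skip: a caller that gets 1 back knows the string on hand is not the one it asked for, and can fail the request instead of acting on a path, name or line that was quietly cut.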