Date: Fri, 09 Mar 2001 23:04:21 +0000 From: Brian Somers <brian@Awfulhak.org> To: Warner Losh <imp@harmony.village.org> Cc: Brian Somers <brian@Awfulhak.org>, freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Message-ID: <200103092304.f29N4Lu06233@hak.lan.Awfulhak.org> In-Reply-To: Message from Warner Losh <imp@harmony.village.org> of "Fri, 09 Mar 2001 15:26:52 MST." <200103092226.f29MQqI11070@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <200103092224.f29MOZu05704@hak.lan.Awfulhak.org> Brian Somers writes:
> : [.....] }
> : > : > : + strncpy(host, buf, hsize);
> : > : >
> : > : > Should likely use strlcpy.
> : > :
> : > : The returned string (host) is not meant to be terminated if the host
> : > : fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...).
> : >
> : > Then we should terminate it. That's a lame interface.
> :
> : It's a practical interface. It's also a public interface :*)
>
> Ummm, it is lame in that it doesn't NUL termniate. Is it a standard,
> or can we change it. If we lose one character for utmp, I don't
> care. Intefaces like this are inharently lame and should not be
> encouraged and actively discouraged when possible. That's what I'm
> doing right now. Actively discouraging it and trying to get it changed.
If this is asked in a public forum, it'll start a thread about making
the format of utmp sane. I believe this is a good idea - all we need
to do is find someone willing to do it :-)
WRT changing what realhostname() does... we would also need to change
trimdomain() (similar semantics WRT not being NUL terminated if the
result is the exact size of the buffer).
They both arrived at the same time (I invented them so that
/usr/libexec/* could be consistent in the way it did the
reverse/forward lookups on IPs and in the way it made utmp entries),
but they're both documented so may be used by the outside world....
What we *really* need is proper library versioning - something I'm
getting more and more tempted to implement ! Then we could just
change things :-)
Anyway, I think the answer is that we should fix what's there now,
and think about making what's there more sane later.
> Warmer
Heh :-)
--
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org>; <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103092304.f29N4Lu06233>