From owner-freebsd-audit  Tue Aug 29  4: 2: 3 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from burka.carrier.kiev.ua (burka.carrier.kiev.ua [193.193.193.107])
	by hub.freebsd.org (Postfix) with ESMTP
	id E273637B422; Tue, 29 Aug 2000 04:01:59 -0700 (PDT)
Received: from netch@localhost
	by burka.carrier.kiev.ua  id OAT56202;
	Tue, 29 Aug 2000 14:01:56 +0300 (EEST)
	(envelope-from netch)
Date: Tue, 29 Aug 2000 14:01:56 +0300 (EEST)
Message-Id: <200008291101.OAT56202@burka.carrier.kiev.ua>
From: netch@carrier.kiev.ua (Valentin Nechayev)
To: Kris Kennaway <kris@hub.freebsd.org>, freebsd-audit@freebsd.org
Subject: Re: ether_line() patch
User-Agent: tin/1.4.1-19991201 ("Polish") (UNIX) (FreeBSD/3.5-STABLE (i386))
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

KK> @@ -156,8 +178,8 @@
KK>  				strlen(ether_a), &result, &resultlen)) {
KK>  				continue;
KK>  			}
KK> -			strncpy(buf, result, resultlen);
KK> -			buf[resultlen] = '\0';
KK> +			strncpy(buf, result, sizeof(buf) - 1);
KK> +			buf[sizeof(buf)] = '\0';
KK>  			free(result);

Will it be better to write `strlcpy(buf, result, sizeof(buf))' ?


/netch


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message


From owner-freebsd-audit  Tue Aug 29  4:13:42 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from burka.carrier.kiev.ua (burka.carrier.kiev.ua [193.193.193.107])
	by hub.freebsd.org (Postfix) with ESMTP
	id E376037B42C; Tue, 29 Aug 2000 04:13:38 -0700 (PDT)
Received: from netch@localhost
	by burka.carrier.kiev.ua  id OFF57814;
	Tue, 29 Aug 2000 14:13:33 +0300 (EEST)
	(envelope-from netch)
Date: Tue, 29 Aug 2000 14:13:33 +0300 (EEST)
Message-Id: <200008291113.OFF57814@burka.carrier.kiev.ua>
From: netch@carrier.kiev.ua (Valentin Nechayev)
To: Kris Kennaway <kris@FreeBSD.ORG>, freebsd-audit@FreeBSD.ORG
Subject: Re: ftp(1) patch
X-Newsgroups: lucky.freebsd.audit
In-Reply-To: <Pine.BSF.4.21.0008042101550.64027-100000@freefall.freebsd.org>
Organization: Lucky Netch Incorporated
User-Agent: tin/1.4.1-19991201 ("Polish") (UNIX) (FreeBSD/3.5-STABLE (i386))
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kris Kennaway wrote:

KK> Index: cmds.c
KK> ===================================================================
KK> RCS file: /home/ncvs/src/usr.bin/ftp/cmds.c,v
KK> retrieving revision 1.18
KK> diff -u -r1.18 cmds.c
KK> --- cmds.c	2000/06/24 15:34:30	1.18
KK> +++ cmds.c	2000/08/05 03:52:38
KK> @@ -125,7 +125,7 @@
KK>  	else
KK>  		comret = command("TYPE %s", p->t_mode);
KK>  	if (comret == COMPLETE) {
KK> -		(void)strcpy(typename, p->t_name);
KK> +		(void)strlcpy(typename, p->t_name, sizeof(typename));

In all these fixes, do you prove that resulting string cannot be cut?
strlcpy() provides only buffer nonoevrflowing, but not correctness of
result in buffer.

Consider change strlcpy in these fixes to:

size_t checked_strcopy( char* To, const char* From, size_t Size )
{
	register size_t Result = strlcpy( To, From, Size );
	if( Result >= Size )
		errx( EX_DATAERR, "too long string" );
	return Result;
}

Also, `linefull' variable is set, but is not cheched AFAIS elsewhere.


/netch


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message


From owner-freebsd-audit  Fri Sep  1  3:11:16 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3570137B422; Fri,  1 Sep 2000 03:11:15 -0700 (PDT)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id DAA39085;
	Fri, 1 Sep 2000 03:11:15 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Fri, 1 Sep 2000 03:11:15 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Valentin Nechayev <netch@carrier.kiev.ua>
Cc: Kris Kennaway <kris@hub.freebsd.org>, freebsd-audit@freebsd.org
Subject: Re: ether_line() patch
In-Reply-To: <200008291101.OAT56202@burka.carrier.kiev.ua>
Message-ID: <Pine.BSF.4.21.0009010310250.27842-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 29 Aug 2000, Valentin Nechayev wrote:

> KK> @@ -156,8 +178,8 @@
> KK>  				strlen(ether_a), &result, &resultlen)) {
> KK>  				continue;
> KK>  			}
> KK> -			strncpy(buf, result, resultlen);
> KK> -			buf[resultlen] = '\0';
> KK> +			strncpy(buf, result, sizeof(buf) - 1);
> KK> +			buf[sizeof(buf)] = '\0';
> KK>  			free(result);
> 
> Will it be better to write `strlcpy(buf, result, sizeof(buf))' ?

I deliberately didnt do that to avoid the gratuitous change of function
for no functional gain. If this was new code I'd definitely prefer
strlcpy()

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message