From owner-freebsd-audit Sun Nov 26 2:40:57 2000
Date: Sun, 26 Nov 2000 02:41:51 -0800
From: Kris Kennaway
To: audit@FreeBSD.org
Subject: Non-constant format string list
Message-ID: <20001126024151.A2846@citusc17.usc.edu>

I have uploaded the list of warnings from make world with -Wnetbsd-format-audit enabled, to

http://www.freebsd.org/~kris/gcc-format-audit

Most of these warnings are not actual problems (e.g. all uses of the function are safe), and some can be silenced by appropriate use of const, but the rest must be checked that all uses of the function which takes a format string argument are in fact safe.

I will be updating the above list as the warnings are checked for safety. In fact I have already corrected some in -current.

What would be very useful is a list of library functions which take format string arguments in the format of a pscan data file (/usr/ports/security/pscan). pscan by default only comes with common libc function definitions - if we can expand it to cover all FreeBSD library functions which take format strings it will assist in auditing of FreeBSD code. Any takers?

If anyone is interested in helping the format string audit, please mail me with the directories from the above list you want to cover, and I'll update the list so there isn't unnecessary duplication of work.

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Sun Nov 26 9: 1:31 2000
Message-ID: <3A2141AF.CF7C5318@ludd.luth.se>
Date: Sun, 26 Nov 2000 18:00:31 +0100
From: Joachim Strömbergson
To: Kris Kennaway, FreeBSD-Audit
Subject: Re: MAXHOSTNAMELEN
References: <20001125214903.A14677@citusc17.usc.edu>

Aloha!

Kris Kennaway wrote:
> Just wanted to check something..MAXHOSTNAMELEN is defined to be 256,
> which is long enough to store the maximum possible DNS name (255
> octets) plus the terminating NULL. So there's no need to declare
> arrays to be MAXHOSTNAMELEN+1 in size, right?

Sounds right. I haven't checked the defining RFC, but the rationale for 256 would probably be to handle name lengths (including termination) in a single byte makes sense.

> I'm seeing great inconsistency within our source tree, and I bumped
> across this in some changes I was porting from NetBSD.

Ok. I'll try and find these places... Woa! Lot of places and quite a few different settings of the size of MAXHOSTNAMELEN! Included in this mail is a file with all places in the 4.2-STABLE tree as of yesterday.

By browsing the list, a few interesting ones pop out:

./contrib/amd/include/am_utils.h:# define MAXHOSTNAMELEN 64
./contrib/nvi/common/recover.c:#define MAXHOSTNAMELEN 1024
./contrib/traceroute/traceroute.c:#define MAXHOSTNAMELEN 64
./contrib/tcsh/sh.h:# define MAXHOSTNAMELEN 255
./libexec/rbootd/defs.h:#define MAXHOSTNAMELEN 64
./libexec/telnetd/telnetd.c:#define MAXHOSTNAMELEN 64
./usr.sbin/traceroute6/traceroute6.c:#define MAXHOSTNAMELEN 64

These are some of the definitions of the length that look more or less wrong to me. There are more of these in the list.
Then, as you can see in the list there are tons of MAXHOSTNAMELEN+1, *2 and all kinds of arithmetic. Looks rather messy and uncoordinated.

Addendum: I just realised that there are definitions of MAXNAMELENGTH to 64 in the crypto versions of telnet (see the end of the mail). A buffer overflow problem particularly in these programs doesn't feel right.

--
Cheers!
Joachim - Always in harmonic oscillation
--- FairLight ------ FairLight ------ FairLight ------ FairLight ---
Joachim Strömbergson ASIC SoC designer, nice to CUTE animals
Phone: +46(0)31 - 27 98 47 Web: http://www.ludd.luth.se/~watchman
--------------- Spamfodder: regeringen@regeringen.se ---------------

Attachment: MAXHOSTNAMELEN.txt

./contrib/amd/TODO:rename HOSTNAMESZ to MAXHOSTNAMELEN
./contrib/amd/amd/amd.c:char pid_fsname[16 + MAXHOSTNAMELEN]; /* "kiska.southseas.nz:(pid%d)" */
./contrib/amd/amd/amd.c:char hostd[2 * MAXHOSTNAMELEN + 1]; /* Host+domain */
./contrib/amd/amd/amd.c: char hostname[MAXHOSTNAMELEN + 1] = "localhost"; /* Hostname */
./contrib/amd/amd/amfs_toplvl.c: char fs_hostname[MAXHOSTNAMELEN + MAXPATHLEN + 1];
./contrib/amd/amd/amfs_toplvl.c: if (strlen(fs_hostname) >= MAXHOSTNAMELEN)
./contrib/amd/amd/amfs_toplvl.c: strcpy(fs_hostname + MAXHOSTNAMELEN - 3, "..");
./contrib/amd/amd/info_passwd.c: char rhost[MAXHOSTNAMELEN];
./contrib/amd/amd/ops_autofs.c: char fs_hostname[MAXHOSTNAMELEN + MAXPATHLEN + 1];
./contrib/amd/amd/ops_autofs.c: char *map_opt, buf[MAXHOSTNAMELEN];
./contrib/amd/amd/ops_autofs.c: if (strlen(fs_hostname) >= MAXHOSTNAMELEN)
./contrib/amd/amd/ops_autofs.c: strcpy(fs_hostname + MAXHOSTNAMELEN - 3, "..");
./contrib/amd/amd/ops_nfs.c: char host[MAXHOSTNAMELEN + MAXPATHLEN + 2];
./contrib/amd/amd/ops_nfs.c:#ifdef MAXHOSTNAMELEN
./contrib/amd/amd/ops_nfs.c: if (strlen(host) >= MAXHOSTNAMELEN)
./contrib/amd/amd/ops_nfs.c: strcpy(host + MAXHOSTNAMELEN - 3, "..");
./contrib/amd/amd/ops_nfs.c:#endif /* MAXHOSTNAMELEN */
./contrib/amd/fixmount/fixmount.c:static char thishost[MAXHOSTNAMELEN + 1] = "";
./contrib/amd/fixmount/fixmount.c: static char lasthost[MAXHOSTNAMELEN] = "";
./contrib/amd/fsinfo/fsinfo.c:char hostname[MAXHOSTNAMELEN + 1];
./contrib/amd/hlfsd/hlfsd.c:char hostname[MAXHOSTNAMELEN + 1] = "localhost";
./contrib/amd/hlfsd/hlfsd.c: char hostpid_fs[MAXHOSTNAMELEN + 1 + 16]; /* room for ":(pid###)" */
./contrib/amd/hlfsd/hlfsd.c: if ((int) strlen(progpid_fs) >= (int) MAXHOSTNAMELEN)
./contrib/amd/hlfsd/hlfsd.c: strcpy(progpid_fs + MAXHOSTNAMELEN - 3, "..");
./contrib/amd/hlfsd/hlfsd.h:#define PROGNAMESZ (MAXHOSTNAMELEN - 5)
./contrib/amd/include/am_utils.h:#ifndef MAXHOSTNAMELEN
./contrib/amd/include/am_utils.h:# define MAXHOSTNAMELEN HOSTNAMESZ
./contrib/amd/include/am_utils.h:# define MAXHOSTNAMELEN 64
./contrib/amd/include/am_utils.h:#endif /* not MAXHOSTNAMELEN */
./contrib/amd/libamu/xutil.c:static char am_hostname[MAXHOSTNAMELEN + 1] = "unknown"; /* Hostname */
./contrib/amd/libamu/xutil.c: strncpy(am_hostname, hn, MAXHOSTNAMELEN);
./contrib/amd/libamu/xutil.c: am_hostname[MAXHOSTNAMELEN] = '\0';
./contrib/amd/wire-test/wire-test.c:char hostname[MAXHOSTNAMELEN + 1];
./contrib/bind/CHANGES: 181. [bug] MAXHOSTNAMELEN wasn't defined on Solaris.
./contrib/bind/CHANGES: 175. [security] libirs now limits hostnames to MAXHOSTNAMELEN
./contrib/bind/bin/dig/dig.c:#ifndef MAXHOSTNAMELEN
./contrib/bind/bin/dig/dig.c:#define MAXHOSTNAMELEN 256
./contrib/bind/bin/dig/dig.c:static char myhostname[MAXHOSTNAMELEN];
./contrib/bind/bin/irpd/irpd.c:#ifndef MAXHOSTNAMELEN
./contrib/bind/bin/irpd/irpd.c:#define MAXHOSTNAMELEN 256
./contrib/bind/bin/irpd/irpd.c: char hname[MAXHOSTNAMELEN];
./contrib/bind/bin/irpd/irpd.c: char hname[MAXHOSTNAMELEN];
./contrib/bind/bin/irpd/irpd.c: char haddr[MAXHOSTNAMELEN];
./contrib/bind/bin/irpd/irpd.c: char haddr[MAXHOSTNAMELEN];
./contrib/bind/lib/irs/dns_ho.c: if (n > MAXHOSTNAMELEN) {
./contrib/bind/lib/irs/dns_ho.c: if (n > buflen || n > MAXHOSTNAMELEN) {
./contrib/bind/lib/irs/dns_ho.c: n >= MAXHOSTNAMELEN) {
./contrib/bind/lib/irs/dns_ho.c: if (nn >= MAXHOSTNAMELEN) {
./contrib/bind/lib/irs/dns_ho.c: if (n > buflen || n >= MAXHOSTNAMELEN)
./contrib/cvs/src/ChangeLog-97: * logmsg (MAXHOSTNAMELEN): Removed; not used.
./contrib/cvs/src/main.c:#ifndef MAXHOSTNAMELEN
./contrib/cvs/src/main.c:#define MAXHOSTNAMELEN 256
./contrib/cvs/src/main.c:char hostname[MAXHOSTNAMELEN];
./contrib/cvs/src/server.c:#ifndef MAXHOSTNAMELEN
./contrib/cvs/src/server.c:#define MAXHOSTNAMELEN (256)
./contrib/cvs/src/server.c: char hostname[MAXHOSTNAMELEN];
./contrib/groff/tmac/groff_mdoc.samples.man:.Bl -tag -width ".Dv MAXHOSTNAMELEN" -compact -offset 14n
./contrib/groff/tmac/groff_mdoc.samples.man:.It Li ".Dv MAXHOSTNAMELEN"
./contrib/groff/tmac/groff_mdoc.samples.man:.Dv MAXHOSTNAMELEN
./contrib/ipfilter/fils.c: static char hostbuf[MAXHOSTNAMELEN+1];
./contrib/ipfilter/fils.c: hostbuf[MAXHOSTNAMELEN] = '\0';
./contrib/ipfilter/ipmon.c: static char hostbuf[MAXHOSTNAMELEN+1];
./contrib/ipfilter/ipmon.c: hostbuf[MAXHOSTNAMELEN] = '\0';
./contrib/ipfilter/ipnat.c:static char thishost[MAXHOSTNAMELEN];
./contrib/ipfilter/FWTK/fwtk-2.1-transparency.txt:+ if (strlen(psychic) <= MAXHOSTNAMELEN) {
./contrib/ipfilter/FWTK/fwtk_transparent.diff:+ if(strlen(psychic)<=MAXHOSTNAMELEN) {
./contrib/ipfilter/FWTK/fwtkp:+ if(strlen(psychic)<=MAXHOSTNAMELEN) {
./contrib/ipfilter/ipsend/ipsend.c: char *name = argv[0], host[MAXHOSTNAMELEN + 1];
./contrib/ipfilter/ipsend/iptest.c: char *name = argv[0], host[MAXHOSTNAMELEN + 1];
./contrib/ipfilter/common.c:static char thishost[MAXHOSTNAMELEN];
./contrib/nvi/common/recover.c: * MAXHOSTNAMELEN is in various places on various systems, including
./contrib/nvi/common/recover.c:#ifndef MAXHOSTNAMELEN
./contrib/nvi/common/recover.c:#define MAXHOSTNAMELEN 1024
./contrib/nvi/common/recover.c: char host[MAXHOSTNAMELEN];
./contrib/opie/opieftpd.c:char remotehost[MAXHOSTNAMELEN];
./contrib/sendmail/src/conf.c: char hnb[MAXHOSTNAMELEN];
./contrib/sendmail/src/conf.h:#if !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V)
./contrib/sendmail/src/conf.h:# define MAXHOSTNAMELEN 256
./contrib/sendmail/src/conf.h:#endif /* !defined(MAXHOSTNAMELEN) && !defined(_SCO_unix_) && !defined(NonStop_UX_BXX) && !defined(ALTOS_SYSTEM_V) */
./contrib/sendmail/src/daemon.c: char jbuf[MAXHOSTNAMELEN];
./contrib/sendmail/src/daemon.c: char jbuf[MAXHOSTNAMELEN];
./contrib/sendmail/src/main.c: char jbuf[MAXHOSTNAMELEN]; /* holds MyHostName */
./contrib/sendmail/src/main.c: char host[MAXHOSTNAMELEN];
./contrib/sendmail/src/map.c: char buf[MAXHOSTNAMELEN];
./contrib/sendmail/src/mci.c: char host[MAXHOSTNAMELEN];
./contrib/sendmail/src/mci.c: char t_host[MAXHOSTNAMELEN];
./contrib/tcp_wrappers/socket.c: char dot_name[MAXHOSTNAMELEN + 1];
./contrib/tcp_wrappers/socket.c: if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) {
./contrib/tcp_wrappers/workarounds.c: * Some AIX versions advertise a too small MAXHOSTNAMELEN value (32).
./contrib/tcp_wrappers/workarounds.c:#if (MAXHOSTNAMELEN < 64)
./contrib/tcp_wrappers/workarounds.c:#undef MAXHOSTNAMELEN
./contrib/tcp_wrappers/workarounds.c:#ifndef MAXHOSTNAMELEN
./contrib/tcp_wrappers/workarounds.c:#define MAXHOSTNAMELEN 256 /* storage for host name */
./contrib/tcp_wrappers/workarounds.c: static char mydomain[MAXHOSTNAMELEN];
./contrib/tcp_wrappers/workarounds.c: return (getdomainname(mydomain, MAXHOSTNAMELEN));
./contrib/tcpdump/print-atalk.c: char nambuf[MAXHOSTNAMELEN + 20];
./contrib/tcpdump/print-bgp.c: char buf[MAXHOSTNAMELEN + 100];
./contrib/tcpdump/print-bgp.c: char buf[MAXHOSTNAMELEN + 100];
./contrib/tcpdump/print-icmp.c: char buf[MAXHOSTNAMELEN + 100];
./contrib/traceroute/traceroute.c:#ifndef MAXHOSTNAMELEN
./contrib/traceroute/traceroute.c:#define MAXHOSTNAMELEN 64
./contrib/traceroute/traceroute.c: static char domain[MAXHOSTNAMELEN + 1], line[MAXHOSTNAMELEN + 1];
./contrib/traceroute/traceroute.c: if (gethostname(domain, MAXHOSTNAMELEN) == 0 &&
./contrib/tcsh/sh.c: char cbuff[MAXHOSTNAMELEN];
./contrib/tcsh/sh.h:# undef MAXHOSTNAMELEN /* Busted headers? */
./contrib/tcsh/sh.h:#ifndef MAXHOSTNAMELEN
./contrib/tcsh/sh.h:# define MAXHOSTNAMELEN 255
./contrib/tcsh/sh.h:#endif /* MAXHOSTNAMELEN */
./gnu/libexec/uucp/contrib/uupoll.shar:X char name[MAXHOSTNAMELEN+1]; /* name of site as supplied by uuname */
./gnu/libexec/uucp/contrib/uupoll.shar:X char This_Site[MAXHOSTNAMELEN+1]; /* our site name */
./gnu/libexec/uucp/contrib/uupoll.shar:X char Single_Site[MAXHOSTNAMELEN+1]; /* name of site found as arg */
./gnu/libexec/uucp/contrib/uupoll.shar:X if ((gethostname(sCom_Sto->This_Site,MAXHOSTNAMELEN+1)) != 0) {
./gnu/libexec/uucp/contrib/uupoll.shar:X char curr_site[MAXHOSTNAMELEN+11] = ""; /* keyword + sitename */
./gnu/libexec/uucp/contrib/uupoll.shar:X while(fgets(sCom_Sto->Sitetab[i].name,MAXHOSTNAMELEN+1,infile)) {
./gnu/libexec/uucp/contrib/uupoll.shar:X char name[MAXHOSTNAMELEN+1]; /* name of site as supplied by uuname */
./gnu/libexec/uucp/contrib/uupoll.shar:X char This_Site[MAXHOSTNAMELEN+1]; /* our site name */
./gnu/libexec/uucp/contrib/uupoll.shar:X char System[MAXHOSTNAMELEN+1]; /* intermediate to hold sitename */
./gnu/libexec/uucp/contrib/uupoll.shar:X if ((gethostname(sCom_Sto->This_Site,MAXHOSTNAMELEN+1)) != 0) {
./gnu/libexec/uucp/contrib/uupoll.shar:X while(fgets(sCom_Sto->Sitetab[i].name,MAXHOSTNAMELEN+1,infile)) {
./gnu/libexec/uucp/contrib/uurate.c: char Hostname[MAXHOSTNAMELEN]; /* def taken from */
./include/protocols/timed.h: char tsp_name[MAXHOSTNAMELEN];
./lib/libc/gen/getdomainname.3:.Dv MAXHOSTNAMELEN
./lib/libc/gen/gethostname.3:.Dv MAXHOSTNAMELEN
./lib/libc/gen/getnetgrent.c: char _key[MAXHOSTNAMELEN];
./lib/libc/net/ether_addr.c: char local_host[MAXHOSTNAMELEN];
./lib/libc/net/ether_addr.c: char local_host[MAXHOSTNAMELEN];
./lib/libc/net/getaddrinfo.c: if (n >= MAXHOSTNAMELEN) {
./lib/libc/net/getaddrinfo.c: if (n > buflen || n >= MAXHOSTNAMELEN) {
./lib/libc/net/gethostbydns.c: if (n >= MAXHOSTNAMELEN) {
./lib/libc/net/gethostbydns.c: if (n >= MAXHOSTNAMELEN) {
./lib/libc/net/gethostbydns.c: if (n > buflen || n >= MAXHOSTNAMELEN) {
./lib/libc/net/gethostbydns.c: if (n > buflen || n >= MAXHOSTNAMELEN) {
./lib/libc/net/gethostbydns.c: if (n >= MAXHOSTNAMELEN) {
./lib/libc/net/gethostbydns.c: if (n >= MAXHOSTNAMELEN) {
./lib/libc/net/gethostbydns.c: if (n > buflen || n >= MAXHOSTNAMELEN)
./lib/libc/net/getnameinfo.c: char scopebuf[MAXHOSTNAMELEN];
./lib/libc/net/getnetbydns.c: char aux1[MAXHOSTNAMELEN], aux2[MAXHOSTNAMELEN], ans[MAXHOSTNAMELEN];
./lib/libc/net/name6.c: if (n >= MAXHOSTNAMELEN) {
./lib/libc/net/name6.c: DNS_FATAL(n < MAXHOSTNAMELEN);
./lib/libc/net/name6.c: DNS_FATAL(n < MAXHOSTNAMELEN);
./lib/libc/net/name6.c: if (n > buflen || n >= MAXHOSTNAMELEN) {
./lib/libc/net/name6.c: if (n >= MAXHOSTNAMELEN) {
./lib/libc/net/name6.c: if (n > buflen || n >= MAXHOSTNAMELEN)
./lib/libc/net/rcmd.c: char buf[MAXHOSTNAMELEN + 128]; /* host + login */
./lib/libc/net/rcmd.c: char hname[MAXHOSTNAMELEN];
./lib/libc/rpc/clnt_simple.c: crp->oldhost = malloc(MAXHOSTNAMELEN);
./lib/libc/rpc/netname.c:#ifndef MAXHOSTNAMELEN
./lib/libc/rpc/netname.c:#define MAXHOSTNAMELEN 256
./lib/libc/rpc/netname.c: char hostname[MAXHOSTNAMELEN+1];
./lib/libc/yp/yplib.c:static char _yp_domain[MAXHOSTNAMELEN];
./lib/libcompat/4.3/rexec.c: char myname[MAXHOSTNAMELEN], *mydomain;
./lib/libfetch/fetch.3: char host[MAXHOSTNAMELEN+1];
./lib/libfetch/fetch.c: if ((i = q - p - 2) > MAXHOSTNAMELEN)
./lib/libfetch/fetch.c: i = MAXHOSTNAMELEN;
./lib/libfetch/fetch.c: if (i < MAXHOSTNAMELEN)
./lib/libfetch/fetch.h: char host[MAXHOSTNAMELEN+1];
./lib/libfetch/ftp.c: char localhost[MAXHOSTNAMELEN];
./lib/libfetch/ftp.c: char pbuf[MAXHOSTNAMELEN + MAXLOGNAME + 1];
./lib/libfetch/http.c: char hbuf[MAXHOSTNAMELEN + 1];
./lib/libpam/modules/pam_kerberosIV/klogin.c: char realm[REALM_SZ], savehost[MAXHOSTNAMELEN];
./lib/libpam/modules/pam_kerberosIV/pam_kerberosIV.c: char localhost[MAXHOSTNAMELEN + 1];
./lib/libpam/modules/pam_radius/pam_radius.c: char host[MAXHOSTNAMELEN];
./lib/libskey/skeyaccess.c: char buf[MAXHOSTNAMELEN + 1];
./lib/libskey/skeyaccess.c: strncpy(buf, hp->h_name, MAXHOSTNAMELEN);
./lib/libskey/skeyaccess.c: buf[MAXHOSTNAMELEN] = 0;
./lib/libskey/skeyaccess.c: char host[MAXHOSTNAMELEN + 1];
./lib/libskey/skeyaccess.c: hp->h_name : argv[3], MAXHOSTNAMELEN);
./lib/libskey/skeyaccess.c: host[MAXHOSTNAMELEN] = 0;
./lib/libstand/bootparam.c: hostnamelen = MAXHOSTNAMELEN-1;
./lib/libstand/bootparam.c: domainnamelen = MAXHOSTNAMELEN-1;
./lib/libstand/dev_net.c: char buf[MAXHOSTNAMELEN];
./lib/libutil/logwtmp.c: static char domain[MAXHOSTNAMELEN];
./lib/libutil/logwtmp.c: char fullhost[MAXHOSTNAMELEN];
./lib/libutil/realhostname.c: char lookup[MAXHOSTNAMELEN];
./libexec/bootpd/bootpd.c:static char default_hostname[MAXHOSTNAMELEN];
./libexec/comsat/comsat.c:char hostname[MAXHOSTNAMELEN];
./libexec/fingerd/fingerd.c: char rhost[MAXHOSTNAMELEN];
./libexec/ftpd/ftpd.c:char remotehost[MAXHOSTNAMELEN];
./libexec/ftpd/ftpd.c: if ((hostname = malloc(MAXHOSTNAMELEN)) == NULL)
./libexec/ftpd/ftpd.c: (void) gethostname(hostname, MAXHOSTNAMELEN - 1);
./libexec/ftpd/ftpd.c: hostname[MAXHOSTNAMELEN - 1] = '\0';
./libexec/ftpd/ftpd.c: char remote_ip[MAXHOSTNAMELEN];
./libexec/ftpd/ftpd.c: char who_name[MAXHOSTNAMELEN];
./libexec/getty/main.c:char hostname[MAXHOSTNAMELEN];
./libexec/getty/subr.c:char editedhost[MAXHOSTNAMELEN];
./libexec/pppoed/pppoed.c: char hostname[MAXHOSTNAMELEN], *exec, rhook[NG_HOOKLEN + 1];
./libexec/rbootd/conf.c:char MyHost[MAXHOSTNAMELEN]; /* host name */
./libexec/rbootd/defs.h:#ifndef MAXHOSTNAMELEN
./libexec/rbootd/defs.h:#define MAXHOSTNAMELEN 64
./libexec/rbootd/rbootd.c: if (gethostname(MyHost, MAXHOSTNAMELEN - 1) < 0) {
./libexec/rbootd/rbootd.c: MyHost[MAXHOSTNAMELEN - 1] = '\0';
./libexec/rexecd/rexecd.c:char remote[MAXHOSTNAMELEN];
./libexec/rlogind/rlogind.c: char hostname[2 * MAXHOSTNAMELEN + 1];
./libexec/rshd/rshd.c: char fromhost[2 * MAXHOSTNAMELEN + 1];
./libexec/rshd/rshd.c: char remote_ip[MAXHOSTNAMELEN];
./libexec/rshd/rshd.c: char localhost[MAXHOSTNAMELEN];
./libexec/talkd/talkd.c:char hostname[MAXHOSTNAMELEN];
./libexec/telnetd/telnetd.c:char remote_hostname[MAXHOSTNAMELEN];
./libexec/telnetd/telnetd.c:#ifndef MAXHOSTNAMELEN
./libexec/telnetd/telnetd.c:#define MAXHOSTNAMELEN 64
./libexec/telnetd/telnetd.c:#endif /* MAXHOSTNAMELEN */
./libexec/telnetd/telnetd.c:char host_name[MAXHOSTNAMELEN];
./libexec/tftpd/tftpd.c: char host[MAXHOSTNAMELEN];
./libexec/uucpd/uucpd.c: char remotehost[MAXHOSTNAMELEN];
./release/sysinstall/media.c: char *cp, hbuf[MAXHOSTNAMELEN], *hostname, *dir;
./release/sysinstall/media.c: char *cp, *idx, hbuf[MAXHOSTNAMELEN], *hostname;
./bin/date/netdate.c: char hostname[MAXHOSTNAMELEN];
./bin/domainname/domainname.c: char domainname[MAXHOSTNAMELEN];
./bin/hostname/hostname.c: char *p, hostname[MAXHOSTNAMELEN];
./sbin/ifconfig/ifconfig.c:char addr_buf[MAXHOSTNAMELEN *2 + 1]; /*for getnameinfo()*/
./sbin/mount_portal/pt_tcp.c: char host[MAXHOSTNAMELEN];
./sbin/mount_portal/pt_tcp.c: char port[MAXHOSTNAMELEN];
./sbin/mount_portal/pt_tcplisten.c: char host[MAXHOSTNAMELEN];
./sbin/mount_portal/pt_tcplisten.c: char port[MAXHOSTNAMELEN];
./sbin/ping/ping.c: char *source = NULL, *target, hnamebuf[MAXHOSTNAMELEN];
./sbin/ping/ping.c: char snamebuf[MAXHOSTNAMELEN];
./sbin/ping/ping.c: static char buf[16 + 3 + MAXHOSTNAMELEN];
./sbin/ping6/ping6.c: static char buf[MAXHOSTNAMELEN];
./sbin/route/route.c:char name_buf[MAXHOSTNAMELEN * 2 + 1]; /*for getnameinfo()*/
./sbin/route/route.c: static char line[MAXHOSTNAMELEN + 1];
./sbin/route/route.c: static char domain[MAXHOSTNAMELEN + 1];
./sbin/route/route.c: if (gethostname(domain, MAXHOSTNAMELEN) == 0 &&
./sbin/route/route.c: domain[MAXHOSTNAMELEN] = '\0';
./sbin/route/route.c: static char line[MAXHOSTNAMELEN + 1];
./sbin/route/route.c: static char mybuf[50+MAXHOSTNAMELEN], cport[10], chost[25];
./sbin/routed/main.c:char myname[MAXHOSTNAMELEN+1];
./sbin/routed/parms.c: char hname[MAXHOSTNAMELEN+1];
./sbin/routed/rtquery/rtquery.c: char hname[MAXHOSTNAMELEN+1];
./sbin/shutdown/shutdown.c: static char hostname[MAXHOSTNAMELEN + 1];
./share/doc/psd/05.sysman/1.1.t:name of up to 64 characters (as defined by MAXHOSTNAMELEN in
./share/doc/psd/05.sysman/spell.ok:MAXHOSTNAMELEN
./share/man/man7/mdoc.samples.7:.Bl -tag -width ".Dv MAXHOSTNAMELEN" -compact -offset 14n
./share/man/man7/mdoc.samples.7:.It Li ".Dv MAXHOSTNAMELEN"
./share/man/man7/mdoc.samples.7:.Dv MAXHOSTNAMELEN
./sys/boot/common/dev_net.c: char buf[MAXHOSTNAMELEN];
./sys/i386/boot/dosboot/sysparam.h:#define MAXHOSTNAMELEN 256 /* max hostname size */
./sys/i386/ibcs2/ibcs2_socksys.c: char hname[MAXHOSTNAMELEN], *dptr;
./sys/i386/ibcs2/ibcs2_socksys.c: char hname[MAXHOSTNAMELEN], *ptr;
./sys/kern/kern_mib.c:char hostname[MAXHOSTNAMELEN];
./sys/kern/kern_mib.c:char domainname[MAXHOSTNAMELEN];
./sys/netinet6/icmp6.c: /* because MAXHOSTNAMELEN is usually 256, we use cluster mbuf */
./sys/netkey/key.c: static char fqdn[MAXHOSTNAMELEN + 1];
./sys/netkey/key.c: static char userfqdn[MAXHOSTNAMELEN + MAXLOGNAME + 2];
./sys/nfs/bootp_subr.c: if (gctx->tag.taglen >= MAXHOSTNAMELEN)
./sys/nfs/bootp_subr.c: MAXHOSTNAMELEN);
./sys/nfs/nfs_vfsops.c: MAXHOSTNAMELEN);
./sys/nfs/nfs_vfsops.c: bcopy(nd->my_hostnam, hostname, MAXHOSTNAMELEN);
./sys/nfs/nfs_vfsops.c: hostname[MAXHOSTNAMELEN - 1] = '\0';
./sys/nfs/nfs_vfsops.c: for (i = 0; i < MAXHOSTNAMELEN; i++)
./sys/nfs/nfsdiskless.h: char my_hostnam[MAXHOSTNAMELEN]; /* Client host name */
./sys/nfs/nfsdiskless.h: char my_hostnam[MAXHOSTNAMELEN]; /* Client host name */
./sys/sys/jail.h: char pr_host[MAXHOSTNAMELEN];
./sys/sys/kernel.h:extern char hostname[MAXHOSTNAMELEN];
./sys/sys/kernel.h:extern char domainname[MAXHOSTNAMELEN];
./sys/sys/param.h:#define MAXHOSTNAMELEN 256 /* max hostname size */
./usr.bin/ftp/cmds.c: static char gsbuf[MAXHOSTNAMELEN];
./usr.bin/ftp/fetch.c: static char lasthost[MAXHOSTNAMELEN];
./usr.bin/ftp/ftp.c: static char hostnamebuf[MAXHOSTNAMELEN];
./usr.bin/ftp/ftp.c: char name[MAXHOSTNAMELEN];
./usr.bin/ftp/ruserpass.c: char myname[MAXHOSTNAMELEN], *mydomain;
./usr.bin/ftp/util.c: char anonpass[MAXLOGNAME + 1 + MAXHOSTNAMELEN]; /* "user@hostname" */
./usr.bin/ftp/util.c: char hostname[MAXHOSTNAMELEN];
./usr.bin/ftp/util.c: gethostname(hostname, MAXHOSTNAMELEN);
./usr.bin/last/last.c: static char *hostdot, name[MAXHOSTNAMELEN];
./usr.bin/lock/lock.c: char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];
./usr.bin/login/login.c:char full_hostname[MAXHOSTNAMELEN];
./usr.bin/login/login.c: char hostbuf[MAXHOSTNAMELEN];
./usr.bin/login/login.c: char hostbuf[MAXHOSTNAMELEN];
./usr.bin/netstat/inet.c: static char line[MAXHOSTNAMELEN + 1];
./usr.bin/netstat/inet6.c: static char domain[MAXHOSTNAMELEN + 1];
./usr.bin/netstat/inet6.c: if (gethostname(domain, MAXHOSTNAMELEN) == 0 &&
./usr.bin/netstat/main.c: static char domain[MAXHOSTNAMELEN + 1];
./usr.bin/netstat/main.c: if (gethostname(domain, MAXHOSTNAMELEN) == 0 &&
./usr.bin/netstat/route.c: static char line[MAXHOSTNAMELEN + 1];
./usr.bin/netstat/route.c: static char line[MAXHOSTNAMELEN + 1];
./usr.bin/netstat/route.c: static char line[MAXHOSTNAMELEN + 1];
./usr.bin/netstat/route.c: static char line[MAXHOSTNAMELEN + 1];
./usr.bin/rwall/rwall.c: char *whom, hostname[MAXHOSTNAMELEN], lbuf[256], tmpname[64];
./usr.bin/su/su.c: char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
./usr.bin/systat/main.c:char hostname[MAXHOSTNAMELEN];
./usr.bin/talk/get_names.c: char hostname[MAXHOSTNAMELEN];
./usr.bin/telnet/commands.c:#ifndef MAXHOSTNAMELEN
./usr.bin/telnet/commands.c:#define MAXHOSTNAMELEN 64
./usr.bin/telnet/commands.c:#endif MAXHOSTNAMELEN
./usr.bin/telnet/commands.c:static char _hostname[MAXHOSTNAMELEN];
./usr.bin/tftp/main.c:char hostname[MAXHOSTNAMELEN];
./usr.bin/w/w.c:char domain[MAXHOSTNAMELEN];
./usr.bin/w/w.c: char buf[MAXHOSTNAMELEN], errbuf[256];
./usr.bin/wall/wall.c: char *p, *whom, hostname[MAXHOSTNAMELEN], lbuf[256], tmpname[64];
./usr.bin/write/write.c: char path[MAXPATHLEN], host[MAXHOSTNAMELEN], line[512];
./usr.sbin/cron/cron/cron.h:#ifndef MAXHOSTNAMELEN
./usr.sbin/cron/cron/cron.h:#define MAXHOSTNAMELEN 64
./usr.sbin/cron/cron/do_command.c: auto char hostname[MAXHOSTNAMELEN];
./usr.sbin/cron/cron/do_command.c: (void) gethostname(hostname, MAXHOSTNAMELEN);
./usr.sbin/faithd/faithd.c: char src[MAXHOSTNAMELEN];
./usr.sbin/faithd/faithd.c: char dst6[MAXHOSTNAMELEN];
./usr.sbin/faithd/faithd.c: char dst4[MAXHOSTNAMELEN];
./usr.sbin/lpr/common_source/lp.h:extern char host[MAXHOSTNAMELEN];
./usr.sbin/lpr/common_source/net.c:char host[MAXHOSTNAMELEN];
./usr.sbin/lpr/common_source/net.c: char name[MAXHOSTNAMELEN];
./usr.sbin/lpr/lpd/lpd.c:char fromb[MAXHOSTNAMELEN]; /* buffer for client's machine name */
./usr.sbin/mrouted/cfparse.y: char buf[MAXHOSTNAMELEN + 100];
./usr.sbin/mrouted/cfparse.y: char buf[MAXHOSTNAMELEN + 100];
./usr.sbin/mrouted/mtrace.c: char myhostname[MAXHOSTNAMELEN];
./usr.sbin/mtree/create.c: char *argv[2], host[MAXHOSTNAMELEN];
./usr.sbin/newsyslog/newsyslog.c:char hostname[MAXHOSTNAMELEN + 1]; /* hostname */
./usr.sbin/pim6sd/inet6.c: static char ip6buf[8][MAXHOSTNAMELEN];
./usr.sbin/pim6sd/inet6.c: getnameinfo((struct sockaddr *)sa6, sa6->sin6_len, cp, MAXHOSTNAMELEN,
./usr.sbin/pim6sd/mtrace6/mtrace6.c: static char buf[MAXHOSTNAMELEN];
./usr.sbin/ppp/ip.c: char name[MAXHOSTNAMELEN + 1], *n;
./usr.sbin/ppp/ip.c: if (end - ptr > MAXHOSTNAMELEN)
./usr.sbin/ppp/ip.c: end = ptr + MAXHOSTNAMELEN;
./usr.sbin/ppp/ipcp.c: char name[MAXHOSTNAMELEN];
./usr.sbin/ppp/prompt.c: static char shostname[MAXHOSTNAMELEN];
./usr.sbin/ppp/radius.c: char hostname[MAXHOSTNAMELEN];
./usr.sbin/rpc.lockd/procs.c:#include /* for MAXHOSTNAMELEN */
./usr.sbin/rpc.yppasswdd/yppasswdd_main.c: char myname[MAXHOSTNAMELEN + 2];
./usr.sbin/rwhod/rwhod.c:char myname[MAXHOSTNAMELEN];
./usr.sbin/syslogd/syslogd.c: char f_hname[MAXHOSTNAMELEN+1];
./usr.sbin/syslogd/syslogd.c: char f_prevhost[MAXHOSTNAMELEN+1]; /* host from which recd. */
./usr.sbin/syslogd/syslogd.c:char LocalHostName[MAXHOSTNAMELEN+1]; /* our hostname */
./usr.sbin/syslogd/syslogd.c: char host[MAXHOSTNAMELEN+1];
./usr.sbin/syslogd/syslogd.c: for (i = 1; i < MAXHOSTNAMELEN; i++) {
./usr.sbin/syslogd/syslogd.c: char *cp, name[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/globals.h: char name[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/master.c: char tname[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/master.c: char tname[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/slave.c:static char master_name[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/slave.c: char tname[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/timed.c: char name[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/timed.c: char tname[MAXHOSTNAMELEN];
./usr.sbin/timed/timed/timed.c: char mastername[MAXHOSTNAMELEN];
./usr.sbin/timed/timedc/cmds.c:char myname[MAXHOSTNAMELEN];
./usr.sbin/traceroute6/traceroute6.c:#ifndef MAXHOSTNAMELEN
./usr.sbin/traceroute6/traceroute6.c:#define MAXHOSTNAMELEN 64
./usr.sbin/traceroute6/traceroute6.c: static char domain[MAXHOSTNAMELEN + 1];
./usr.sbin/traceroute6/traceroute6.c: if (gethostname(domain, MAXHOSTNAMELEN) == 0 &&
./usr.sbin/yp_mkdb/yp_mkdb.c: char hname[MAXHOSTNAMELEN + 2];
./usr.sbin/yppush/yppush_main.c: char myname[MAXHOSTNAMELEN];
./usr.sbin/ypserv/yp_dnslookup.c: static char result[MAXHOSTNAMELEN * 2];
./usr.sbin/ypserv/yp_dnslookup.c: char retrybuf[MAXHOSTNAMELEN];
./usr.sbin/ypserv/yp_dnslookup.c: char buf[MAXHOSTNAMELEN];
./crypto/heimdal/appl/kf/kfd.c: char hostname[MAXHOSTNAMELEN];
./crypto/heimdal/appl/login/login_access.c: static char name[MAXHOSTNAMELEN + 1] = "";
./crypto/heimdal/appl/login/login_access.c: name[MAXHOSTNAMELEN] = 0;
./crypto/heimdal/appl/test/tcp_server.c: char hostname[MAXHOSTNAMELEN];
./crypto/heimdal/lib/gssapi/import_name.c: char local_hostname[MAXHOSTNAMELEN];
./crypto/heimdal/lib/krb5/get_addrs.c: char hostname[MAXHOSTNAMELEN];
./crypto/heimdal/lib/krb5/get_host_realm.c: char dom[MAXHOSTNAMELEN];
./crypto/heimdal/lib/krb5/get_host_realm.c: char hostname[MAXHOSTNAMELEN];
./crypto/heimdal/lib/krb5/verify_init.c: char local_hostname[MAXHOSTNAMELEN];
./crypto/heimdal/lib/roken/getaddrinfo_hostspec.c: char host[MAXHOSTNAMELEN];
./crypto/heimdal/lib/roken/roken_gethostby.c: char host[MAXHOSTNAMELEN];
./crypto/kerberosIV/ChangeLog: * appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen.
./crypto/kerberosIV/appl/bsd/login_access.c: static char name[MAXHOSTNAMELEN + 1] = "";
./crypto/kerberosIV/appl/bsd/login_access.c: name[MAXHOSTNAMELEN] = 0;
./crypto/kerberosIV/lib/roken/roken_gethostby.c: char host[MAXHOSTNAMELEN];
./crypto/kerberosIV/man/krb_realmofhost.3:hold any hostname (MAXHOSTNAMELEN from ).
./crypto/openssh/auth-krb4.c: char localhost[MAXHOSTNAMELEN];
./crypto/openssh/canohost.c: char name[MAXHOSTNAMELEN];
./crypto/openssh/channels.c: char hostname[MAXHOSTNAMELEN];
./crypto/openssh/pam_ssh/pam_ssh.c: char hname[MAXHOSTNAMELEN]; /* local hostname */
./crypto/openssh/session.c: char hostname[MAXHOSTNAMELEN];
./crypto/openssh/ssh-keygen.c:char hostname[MAXHOSTNAMELEN];
./crypto/openssh/sshd.c:unsigned int utmp_len = MAXHOSTNAMELEN;
./crypto/telnet/telnet/commands.c:#ifndef MAXHOSTNAMELEN
./crypto/telnet/telnet/commands.c:#define MAXHOSTNAMELEN 64
./crypto/telnet/telnet/commands.c:#endif MAXHOSTNAMELEN
./crypto/telnet/telnet/commands.c:static char _hostname[MAXHOSTNAMELEN];
./crypto/telnet/telnetd/telnetd.c:char remote_hostname[MAXHOSTNAMELEN];
./crypto/telnet/telnetd/telnetd.c:#ifndef MAXHOSTNAMELEN
./crypto/telnet/telnetd/telnetd.c:#define MAXHOSTNAMELEN 64
./crypto/telnet/telnetd/telnetd.c:#endif /* MAXHOSTNAMELEN */
./crypto/telnet/telnetd/telnetd.c:char host_name[MAXHOSTNAMELEN];

From owner-freebsd-audit Sun Nov 26 9: 1:44 2000
Message-ID: <3A2141A0.7BF149C4@ludd.luth.se>
Date: Sun, 26 Nov 2000 18:00:16 +0100
From: Joachim Strömbergson
To: Kris Kennaway
Cc: audit@FreeBSD.ORG
Subject: Re: Project for auditors
References: <20001124143336.A70550@citusc17.usc.edu>

Aloha!

Kris Kennaway wrote:
> Here's something I just noticed../usr/bin/mail will repeatedly create
> files with the same name from mktemp(), of the form /tmp/RsXXXXXX (as
> well as some others). This needs to be fixed to use mkstemp() since
> there's the very easy to exploit race condition there.
>
> Anyone up for it?

Well, I took a 5 min browse in the code. There are two files in mail that use mktemp: temp.c and quit.c. 5 instances from line 79 and onward in file temp.c, and 1 instance on line 424 in quit.c.

Replacing mktemp() calls with mkstemp() calls was no problem. But since I don't trust myself on this (yet, hopefully), I'm unsure what I need to change in the code surrounding the actual call. The man page describes the NULL vs -1 diffs. I took a look at the patch for printjob.c and am trying to adapt the way it calls mkstemp().

Also, in the quit.c the temp file is deleted by rm(tempname) on line 448. Should I use unlink() instead?

--
Cheers!
Joachim - Always in harmonic oscillation
--- FairLight ------ FairLight ------ FairLight ------ FairLight ---
Joachim Strömbergson ASIC SoC designer, nice to CUTE animals
Phone: +46(0)31 - 27 98 47 Web: http://www.ludd.luth.se/~watchman
--------------- Spamfodder: regeringen@regeringen.se ---------------

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Sun Nov 26 14:28:18 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1732937B479 for ; Sun, 26 Nov 2000 14:28:15 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAQMT8939478; Sun, 26 Nov 2000 14:29:08 -0800 (PST) (envelope-from kris) Date: Sun, 26 Nov 2000 14:29:08 -0800
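The changes around the call that the message above asks about, as an added C example (not code from mail(1), from printjob.c or from anyone on the list). The function names open_private_temp and temp_file_selftest are hypothetical; the /tmp/RsXXXXXX template is the one quoted in the message.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp(), fdopen(), fileno() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical helper: create a private temporary file from a template such
 * as "/tmp/RsXXXXXX" and return a stdio stream on it.
 *
 * mktemp() only returns a name (NULL on failure); the file is created later
 * by a separate open()/fopen(), and another local user can plant a file or
 * symlink under that name in between. mkstemp() chooses the name and creates
 * the file in one step (exclusive create, owner-only mode) and returns a
 * descriptor, -1 on failure. The surrounding code therefore changes from
 * "test for NULL, then fopen(name)" to "test for -1, then fdopen(fd)".
 */
FILE *
open_private_temp(char *tmpl, const char *mode)
{
    FILE *fp;
    int fd, saved;

    fd = mkstemp(tmpl);             /* tmpl is rewritten in place */
    if (fd == -1)
        return NULL;
    fp = fdopen(fd, mode);          /* wrap the descriptor, never reopen by name */
    if (fp == NULL) {
        saved = errno;
        (void)close(fd);
        (void)unlink(tmpl);         /* do not leave the file behind */
        errno = saved;
        return NULL;
    }
    return fp;
}

/* Returns 0 when every property holds, otherwise the number of the failed check. */
int
temp_file_selftest(void)
{
    char a[] = "/tmp/RsXXXXXX";
    char b[] = "/tmp/RsXXXXXX";
    struct stat st;
    FILE *fa, *fb;
    int rc = 0;

    fa = open_private_temp(a, "w+");
    fb = open_private_temp(b, "w+");
    if (fa == NULL || fb == NULL)
        rc = 1;                     /* creation failed */
    else if (strcmp(a, b) == 0)
        rc = 2;                     /* same template must give distinct names */
    else if (fstat(fileno(fa), &st) == -1 || (st.st_mode & 077) != 0)
        rc = 3;                     /* group or other has access */
    else if (fputs("draft\n", fa) == EOF || fflush(fa) == EOF)
        rc = 4;                     /* stream is not writable */

    if (fa != NULL) {
        (void)fclose(fa);
        (void)unlink(a);
    }
    if (fb != NULL) {
        (void)fclose(fb);
        (void)unlink(b);
    }
    if (rc == 0 && (access(a, F_OK) == 0 || access(b, F_OK) == 0))
        rc = 5;                     /* a name survived unlink() */
    return rc;
}
```

What mail's own rm() does is not shown in the thread, so the example calls unlink(2) directly.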
From: Kris Kennaway To: =?iso-8859-1?Q?Joachim_Str=F6mbergson?= Cc: FreeBSD-Audit Subject: Re: MAXHOSTNAMELEN Message-ID: <20001126142908.C39200@citusc17.usc.edu> References: <20001125214903.A14677@citusc17.usc.edu> <3A2141AF.CF7C5318@ludd.luth.se> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="eHhjakXzOLJAF9wJ" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A2141AF.CF7C5318@ludd.luth.se>; from watchman@ludd.luth.se on Sun, Nov 26, 2000 at 06:00:31PM +0100 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --eHhjakXzOLJAF9wJ Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Sun, Nov 26, 2000 at 06:00:31PM +0100, Joachim Strömbergson wrote:
> By browsing the list, a few interesting ones pop out:
>
> ./contrib/amd/include/am_utils.h:# define MAXHOSTNAMELEN 64
> ./contrib/nvi/common/recover.c:#define MAXHOSTNAMELEN 1024
> ./contrib/traceroute/traceroute.c:#define MAXHOSTNAMELEN 64

I haven't touched these yet - need to send the fix back to the vendors to fix at the source.

> ./contrib/tcsh/sh.h:# define MAXHOSTNAMELEN 255
> ./libexec/rbootd/defs.h:#define MAXHOSTNAMELEN 64
> ./libexec/telnetd/telnetd.c:#define MAXHOSTNAMELEN 64
> ./usr.sbin/traceroute6/traceroute6.c:#define MAXHOSTNAMELEN 64

I've fixed these or sent the patch to the vendors. Fortunately, none of them are actually problems for us, as they're all of the form:

    #ifndef MAXHOSTNAMELEN
    #define MAXHOSTNAMELEN bogusvalue
    #endif

but I've fixed these last four, plus the other ones in telnet and telnetd.

> These are some of the definitions of the length that look more or less
> wrong to me. There are more of these in the list. Then, as you can see
> in the list there are tons of MAXHOSTNAMELEN+1, *2 and all kinds of
> arithmetic. Looks rather messy and uncoordinated.
It's not a job of major importance, but these should be corrected at some point.. Kris --eHhjakXzOLJAF9wJ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjohjrMACgkQWry0BWjoQKXnXACfW2MKNHviPYY4dLXu5hJ+5+8j F+AAnRqIAClLXILcMSYB+Myl3FYJ91fw =rCDU -----END PGP SIGNATURE----- --eHhjakXzOLJAF9wJ-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 26 15: 7:38 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 6008A37B4CF for ; Sun, 26 Nov 2000 15:07:36 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAQN8Wq40420 for audit@FreeBSD.org; Sun, 26 Nov 2000 15:08:32 -0800 (PST) (envelope-from kris) Date: Sun, 26 Nov 2000 15:08:32 -0800 
From: Kris Kennaway To: audit@FreeBSD.org Subject: format_ip_addr() in libatm Message-ID: <20001126150832.A40399@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --9amGYk9869ThD9tj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

*sigh* Why is it so hard to understand that DNS addresses can be up to 255 bytes long?

Reviews please.

Kris

Index: ip_addr.c =================================================================== RCS file: /mnt/ncvs/src/lib/libatm/ip_addr.c,v retrieving revision 1.3 diff -u -r1.3 ip_addr.c --- ip_addr.c 1999/08/27 23:58:04 1.3 +++ ip_addr.c 2000/11/26 22:58:37 @@ -124,7 +124,7 @@ format_ip_addr(addr) struct in_addr *addr; { - static char host_name[128]; + static char host_name[MAXHOSTNAMELEN + 18]; char *ip_num; struct hostent *ip_host; =20
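Review bot: the 18 in host_name[MAXHOSTNAMELEN + 18] (first ip_addr.c hunk, @@ -124,7 +124,7 @@) is an unexplained magic number. Going by the "%s (%s)" format in the next hunk it covers the " (" separator (2 bytes), a dotted-decimal address of at most 15 characters and the closing ")" (1 byte), with the terminator already counted in MAXHOSTNAMELEN. A one-line comment or a named constant saying so would keep the size from drifting if the format string is ever changed.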
@@ -154,10 +154,8 @@ /* * Return host name followed by dotted decimal address */ - strcpy(host_name, ip_host->h_name); - strcat(host_name, " ("); - strcat(host_name, ip_num); - strcat(host_name, ")"); + snprintf(host_name, sizeof(host_name), "%s (%s)", + ip_host->h_name, ip_num); return(host_name); } else { /* --9amGYk9869ThD9tj Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjohl+8ACgkQWry0BWjoQKXbzwCfdGnlWs7qsUicDyNoLL/hUa/e 1UIAmgMkSACNOcnbppH5RZJJ/eEI16ri =4sJX -----END PGP SIGNATURE----- --9amGYk9869ThD9tj-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Nov 26 22:19:56 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 3B27637B4F9 for ; Sun, 26 Nov 2000 22:19:54 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAR6KmE46899 for audit@FreeBSD.org; Sun, 26 Nov 2000 22:20:48 -0800 (PST) (envelope-from kris) Date: Sun, 26 Nov 2000 22:20:48 -0800 
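Review bot: the snprintf() call in the second ip_addr.c hunk (@@ -154,10 +154,8 @@) discards its return value, so if ip_host->h_name ever exceeds what host_name can hold the result is truncated silently and the caller gets a string that may lack the address or the closing ")". Consider comparing the return value against sizeof(host_name) and handling the too-long case explicitly. The continuation line would also read better aligned under the first argument.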
From: Kris Kennaway To: audit@FreeBSD.org Subject: gcc __attributes for format strings Message-ID: <20001126222048.A46809@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="YZ5djTAD1cGYuMQK" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

Okay, looks like we can play with some gcc attributes to flag things as format strings. For example:

Index: create_chunk.c =================================================================== RCS file: /mnt/ncvs/src/lib/libdisk/create_chunk.c,v retrieving revision 1.54 diff -u -r1.54 create_chunk.c --- create_chunk.c 2000/11/06 23:15:01 1.54 +++ create_chunk.c 2000/11/27 06:14:00
@@ -28,6 +28,8 @@ #include #include "libdisk.h" =20 +static void msgDebug(char *, ...) __printf0like(1,0); + /* Clone these two from sysinstall because we need our own copies * due to link order problems with `crunch'. Feh! */

__printf0like(a,b) says "treat argument 'a' as a printf format string which may be null, and arguments starting with 'b' are the arguments to the format string". b=0 is for the case of a varargs function like above.

__printflike(a,b) is the same thing except it doesn't allow a NULL format string.

We need to go through and prototype functions appropriately (in headers, or internally) - I think it's possible to fix all of the -Wnon-const-format warnings this way.

The docs in contrib/gcc/extend.texi explain this better - can someone check that I'm doing the right thing?

Kris

--YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoh/T4ACgkQWry0BWjoQKWbmACg1uufMImPu/tJBZ2MCz4pB0U1 ja4AmwcIYh89suTD4Yx3VlpEnswH9Qcv =ABGF -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Mon Nov 27 7:58:42 2000 Delivered-To: freebsd-audit@freebsd.org Received: from troutmask.apl.washington.edu (troutmask.apl.washington.edu [128.208.78.105]) by hub.freebsd.org (Postfix) with ESMTP id 224CE37B479; Mon, 27 Nov 2000 07:58:37 -0800 (PST) Received: (from sgk@localhost) by troutmask.apl.washington.edu (8.11.1/8.11.1) id eARG49V29464; Mon, 27 Nov 2000 08:04:09 -0800 (PST) (envelope-from sgk)
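Review bot: in the create_chunk.c hunk (@@ -28,6 +28,8 @@) msgDebug() is declared with "...", so the second number in __printf0like(1,0) should be 2, the position of the first variadic argument, rather than 0. With 0 only the format string itself is examined and the arguments that follow it are not compared against its conversions, which is the form meant for functions that take a va_list. Declaring the format parameter as const char * instead of char * would also let callers pass string literals and const buffers without casts, provided the definition is changed to match.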
From: Steve Kargl Message-Id: <200011271604.eARG49V29464@troutmask.apl.washington.edu> Subject: Re: gcc __attributes for format strings In-Reply-To: <20001126222048.A46809@citusc17.usc.edu> from Kris Kennaway at "Nov 26, 2000 10:20:48 pm" To: Kris Kennaway Date: Mon, 27 Nov 2000 08:04:09 -0800 (PST) Cc: audit@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway wrote: > Okay, looks like we can play with some gcc attributes to flag things > as format strings. For example: > [snip] > We need to go through and prototype functions appropriately (in > headers, or internally) - I think it's possible to fix all of the > -Wnon-const-format warnings this way. Are gcc attributes C89 or C99 features? If not, you probably want to ask bde about sprinkling gcc only features throughout the header files. -- Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 27 8: 4:13 2000 Delivered-To: freebsd-audit@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 48D5F37B479; Mon, 27 Nov 2000 08:04:05 -0800 (PST) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.0/8.11.0) id eARG3d250550; Mon, 27 Nov 2000 18:03:39 +0200 (EET) (envelope-from ru) Date: Mon, 27 Nov 2000 18:03:39 +0200 
From: Ruslan Ermilov To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: Tempfiles and groff Message-ID: <20001127180339.B48026@sunbay.com> References: <20001119161706.A3039@citusc17.usc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001119161706.A3039@citusc17.usc.edu>; from kris@FreeBSD.ORG on Sun, Nov 19, 2000 at 04:17:06PM -0800 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, Nov 19, 2000 at 04:17:06PM -0800, Kris Kennaway wrote: > Any groff experts in the house? > > I want to fix the following ugliness in > /usr/src/contrib/groff/tmac/tmac.pspic which is apparently called > during make world, and possibly at other times. > > .sy echo .ps-bb `psbb \\$1` >/tmp/psbb\\n[$$] > .so /tmp/psbb\\n[$$] > .sy rm /tmp/psbb\\n[$$] > > We need to set a variable to contain the tempfile name generated with > mktemp and refer to that in the later lines. I have no idea how to do > this (or even what .so does :-) > Sorry it took so long to reply... Groff 1.16 and above implement the .psbb request within troff(1) rather than (as in groff 1.15) with external psbb(1) utility, so this /tmp/psbb issue should go away when we import the latest groff. I have a plan to import the latest groff soon. 
Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 27 8:33:36 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mout0.freenet.de (mout0.freenet.de [194.97.50.131]) by hub.freebsd.org (Postfix) with ESMTP id DA64337B479; Mon, 27 Nov 2000 08:33:32 -0800 (PST) Received: from [194.97.50.144] (helo=mx1.freenet.de) by mout0.freenet.de with esmtp (Exim 3.16 #20) id 140RDe-0004Ou-00; Mon, 27 Nov 2000 17:33:30 +0100 Received: from a31f0.pppool.de ([213.6.49.240] helo=Magelan.Leidinger.net) by mx1.freenet.de with esmtp (Exim 3.16 #20) id 140RDe-0002hi-00; Mon, 27 Nov 2000 17:33:30 +0100 Received: from Leidinger.net (netchild@localhost [127.0.0.1]) by Magelan.Leidinger.net (8.11.1/8.11.1) with ESMTP id eARGOir89679; Mon, 27 Nov 2000 17:24:45 +0100 (CET) (envelope-from netchild@Leidinger.net) Message-Id: <200011271624.eARGOir89679@Magelan.Leidinger.net> Date: Mon, 27 Nov 2000 17:24:42 +0100 (CET) From: Alexander Leidinger Subject: Re: gcc __attributes for format strings To: kris@FreeBSD.ORG Cc: audit@FreeBSD.ORG In-Reply-To: <20001126222048.A46809@citusc17.usc.edu> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 26 Nov, Kris Kennaway wrote: > Okay, looks like we can play with some gcc attributes to flag things > as format strings. For example: > > Index: create_chunk.c > =================================================================== > RCS file: /mnt/ncvs/src/lib/libdisk/create_chunk.c,v > retrieving revision 1.54 > diff -u -r1.54 create_chunk.c > --- create_chunk.c 2000/11/06 23:15:01 1.54 > +++ create_chunk.c 2000/11/27 06:14:00 
> @@ -28,6 +28,8 @@ > #include > #include "libdisk.h" > > +static void msgDebug(char *, ...) __printf0like(1,0); > + > /* Clone these two from sysinstall because we need our own copies > * due to link order problems with `crunch'. Feh! > */ > > __printf0like(a,b) says "treat argument 'a' as a printf format string > which may be null, and arguments starting with 'b' are the arguments > to the format string". b=0 is for the case of a varargs function like > above. From gcc.info (on -current): ---snip--- `format (ARCHETYPE, STRING-INDEX, FIRST-TO-CHECK)' The `format' attribute specifies that a function takes `printf', `scanf', or `strftime' style arguments which should be type-checked against a format string. For example, the declaration: extern int my_printf (void *my_object, const char *my_format, ...) __attribute__ ((format (printf, 2, 3))); causes the compiler to check the arguments in calls to `my_printf' for consistency with the `printf' style format string argument `my_format'. [...] ---snip--- A search in gcc.info for printflike didn't show a match. Bye, Alexander. -- Reboot America. http://www.Leidinger.net Alexander @ Leidinger.net GPG fingerprint = 7423 F3E6 3A7E B334 A9CC B10A 1F5F 130A A638 6E7E To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 27 8:39:31 2000 Delivered-To: freebsd-audit@freebsd.org Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id B92CA37B4C5; Mon, 27 Nov 2000 08:39:27 -0800 (PST) Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.11.1/8.11.1) with ESMTP id eARGd5g04060; Mon, 27 Nov 2000 22:39:05 +0600 (NS) (envelope-from fjoe@iclub.nsu.ru) Date: Mon, 27 Nov 2000 22:39:04 +0600 (NS) 
From: Max Khon To: Alexander Leidinger Cc: kris@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: gcc __attributes for format strings In-Reply-To: <200011271624.eARGOir89679@Magelan.Leidinger.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG hi, there! On Mon, 27 Nov 2000, Alexander Leidinger wrote: > >From gcc.info (on -current): > ---snip--- > `format (ARCHETYPE, STRING-INDEX, FIRST-TO-CHECK)' > The `format' attribute specifies that a function takes `printf', > `scanf', or `strftime' style arguments which should be type-checked > against a format string. For example, the declaration: > > extern int > my_printf (void *my_object, const char *my_format, ...) > __attribute__ ((format (printf, 2, 3))); > > causes the compiler to check the arguments in calls to `my_printf' > for consistency with the `printf' style format string argument > `my_format'. > [...] > ---snip--- > A search in gcc.info for printflike didn't show a match. it is defined in /usr/include/sys/cdefs.h /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Nov 27 13:46:19 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mail.utfors.se (mail.utfors.se [195.58.103.125]) by hub.freebsd.org (Postfix) with ESMTP id 91E2737B479 for ; Mon, 27 Nov 2000 13:46:12 -0800 (PST) Received: from ludd.luth.se (md4692557.utfors.se [212.105.37.87]) by mail.utfors.se (8.8.8/8.8.8) with ESMTP id WAA09200; Mon, 27 Nov 2000 22:45:16 +0100 (MET) Message-ID: <3A22D5DA.D5F4BAA7@ludd.luth.se> Date: Mon, 27 Nov 2000 22:44:58 +0100 
From: Joachim =?iso-8859-1?Q?Str=F6mbergson?= Organization: Acne X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en-US MIME-Version: 1.0 To: Kris Kennaway Cc: audit@FreeBSD.ORG Subject: Re: format_ip_addr() in libatm References: <20001126150832.A40399@citusc17.usc.edu> Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Aloha! Kris Kennaway wrote: > > *sigh* Why is it so hard to understand that DNS addresses can be up to > 255 bytes long? > > Reviews please. > > Kris > > Index: ip_addr.c > =================================================================== > RCS file: /mnt/ncvs/src/lib/libatm/ip_addr.c,v > retrieving revision 1.3 > diff -u -r1.3 ip_addr.c > --- ip_addr.c 1999/08/27 23:58:04 1.3 > +++ ip_addr.c 2000/11/26 22:58:37 
> @@ -124,7 +124,7 @@ > format_ip_addr(addr) > struct in_addr *addr; > { > - static char host_name[128]; > + static char host_name[MAXHOSTNAMELEN + 18]; > char *ip_num; > struct hostent *ip_host;

I might be waaay off from what you are hinting at here but... Is this a patch by you that sets the size of host_name to MAXHOSTNAMELEN+18, or is this somebody else's patch that you consider bad?

If it's the latter, then why the extra 18 bytes? Otherwise, I didn't see any probs... The disclaimer being my (in)ability to perfectly grasp C code.

--
Cheers!
Joachim - Always in harmonic oscillation
--- FairLight ------ FairLight ------ FairLight ------ FairLight ---
Joachim Strömbergson ASIC SoC designer, nice to CUTE animals
Phone: +46(0)31 - 27 98 47 Web: http://www.ludd.luth.se/~watchman
--------------- Spamfodder: regeringen@regeringen.se ---------------

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Mon Nov 27 14:10:49 2000 Delivered-To: freebsd-audit@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id D7AE937B666 for ; Mon, 27 Nov 2000 14:10:45 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eARMBa066671; Mon, 27 Nov 2000 14:11:36 -0800 (PST) (envelope-from kris) Date: Mon, 27 Nov 2000 14:11:35 -0800
From: Kris Kennaway To: =?iso-8859-1?Q?Joachim_Str=F6mbergson?= Cc: Kris Kennaway , audit@FreeBSD.ORG Subject: Re: format_ip_addr() in libatm Message-ID: <20001127141135.B66576@citusc17.usc.edu> References: <20001126150832.A40399@citusc17.usc.edu> <3A22D5DA.D5F4BAA7@ludd.luth.se> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="f2QGlHpHGjS2mn6Y" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3A22D5DA.D5F4BAA7@ludd.luth.se>; from watchman@ludd.luth.se on Mon, Nov 27, 2000 at 10:44:58PM +0100 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --f2QGlHpHGjS2mn6Y Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Mon, Nov 27, 2000 at 10:44:58PM +0100, Joachim Strömbergson wrote:
> > Index: ip_addr.c > > =================================================================== > > RCS file: /mnt/ncvs/src/lib/libatm/ip_addr.c,v > > retrieving revision 1.3 > > diff -u -r1.3 ip_addr.c > > --- ip_addr.c 1999/08/27 23:58:04 1.3 > > +++ ip_addr.c 2000/11/26 22:58:37
> > @@ -124,7 +124,7 @@ > > format_ip_addr(addr) > > struct in_addr *addr; > > { > > - static char host_name[128]; > > + static char host_name[MAXHOSTNAMELEN + 18]; > > char *ip_num; > > struct hostent *ip_host;
>
> I might be waaay off from what you are hinting at here but...
> Is this a patch by you that sets the size of host_name to
> MAXHOSTNAMELEN+18, or is this somebody else's patch that you consider
> bad?
>
> If it's the latter, then why the extra 18 bytes?
> Otherwise, I didn't see any probs... The disclaimer being my (in)ability
> to perfectly grasp C code.

It's my patch. The current code allocates 128 bytes and tries to fit a DNS hostname (which can be up to MAXHOSTNAMELEN=256 characters long, including terminating NULL) plus 18 bytes of other stuff in there (IP address, mostly). The DNS hostname needs MAXHOSTNAMELEN characters of space (including terminating NULL for the string), and the other stuff adds up to 18.

Kris

--f2QGlHpHGjS2mn6Y Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoi3BcACgkQWry0BWjoQKWYDwCePSV650ZQeb/V4oWV6Oh3A2ep zmUAmgMqRZC0f/pKf0sRwVoJFZ6NZLKg =F91r -----END PGP SIGNATURE----- --f2QGlHpHGjS2mn6Y--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Nov 30 18:49:35 2000 Delivered-To: freebsd-audit@freebsd.org Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27]) by hub.freebsd.org (Postfix) with ESMTP id A967937B400 for ; Thu, 30 Nov 2000 18:49:29 -0800 (PST) Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1]) by netau1.alcanet.com.au (8.9.3 (PHNE_18979)/8.9.3) with ESMTP id NAA14274; Fri, 1 Dec 2000 13:49:25 +1100 (EDT) Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au (PMDF V5.2-32 #37641) with ESMTP id
<01JX6XGPEXQOE7XDD0@cim.alcatel.com.au>; Fri, 1 Dec 2000 13:49:09 +1100 Received: (from jeremyp@localhost) by gsmx07.alcatel.com.au (8.11.0/8.11.0) id eB12n3x03226; Fri, 01 Dec 2000 13:49:03 +1100 (EST envelope-from jeremyp) Content-return: prohibited Date: Fri, 01 Dec 2000 13:49:03 +1100 
From: Peter Jeremy Subject: Re: gcc __attributes for format strings In-reply-to: <200011271604.eARG49V29464@troutmask.apl.washington.edu>; from sgk@troutmask.apl.washington.edu on Mon, Nov 27, 2000 at 08:04:09AM -0800 To: Steve Kargl Cc: audit@FreeBSD.ORG Mail-followup-to: Steve Kargl , audit@FreeBSD.ORG Message-id: <20001201134903.H1474@gsmx07.alcatel.com.au> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.2.5i References: <20001126222048.A46809@citusc17.usc.edu> <200011271604.eARG49V29464@troutmask.apl.washington.edu> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 2000-Nov-27 08:04:09 -0800, Steve Kargl wrote: >Kris Kennaway wrote: >> Okay, looks like we can play with some gcc attributes to flag things >> as format strings. For example: >> > >[snip] > >> We need to go through and prototype functions appropriately (in >> headers, or internally) - I think it's possible to fix all of the >> -Wnon-const-format warnings this way. > >Are gcc attributes C89 or C99 features? If not, you probably >want to ask bde about sprinkling gcc only features throughout >the header files. In general, gcc attributes are not directly put in the code. Rather there are a series of macros in which map 4.4BSD attributes onto compiler-specific attributes. 
If we move to a different compiler, we just need to change cdefs.h Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Nov 30 18:55:15 2000 Delivered-To: freebsd-audit@freebsd.org Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27]) by hub.freebsd.org (Postfix) with ESMTP id 98D5A37B400; Thu, 30 Nov 2000 18:55:12 -0800 (PST) Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1]) by netau1.alcanet.com.au (8.9.3 (PHNE_18979)/8.9.3) with ESMTP id NAA15122; Fri, 1 Dec 2000 13:55:09 +1100 (EDT) Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au (PMDF V5.2-32 #37641) with ESMTP id <01JX6XO5XP7KE7XDDI@cim.alcatel.com.au>; Fri, 1 Dec 2000 13:55:07 +1100 Received: (from jeremyp@localhost) by gsmx07.alcatel.com.au (8.11.0/8.11.0) id eB12t5b03254; Fri, 01 Dec 2000 13:55:05 +1100 (EST envelope-from jeremyp) Content-return: prohibited Date: Fri, 01 Dec 2000 13:55:05 +1100 
From: Peter Jeremy Subject: Re: gcc __attributes for format strings In-reply-to: <20001126222048.A46809@citusc17.usc.edu>; from kris@FreeBSD.ORG on Sun, Nov 26, 2000 at 10:20:48PM -0800 To: Kris Kennaway Cc: audit@FreeBSD.ORG Mail-followup-to: Kris Kennaway , audit@FreeBSD.ORG Message-id: <20001201135505.I1474@gsmx07.alcatel.com.au> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.2.5i References: <20001126222048.A46809@citusc17.usc.edu> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 2000-Nov-26 22:20:48 -0800, Kris Kennaway wrote: >+static void msgDebug(char *, ...) __printf0like(1,0); Should be +static void msgDebug(char *, ...) __printf0like(1,2); `2' indicates that the first format argument is argument 2. `0' indicates that the format arguments are passed as a va_list, eg int fprintf(FILE *, const char *, ...) __printflike(2,3); int vfprintf(FILE *, const char *, va_list) __printflike(2,0); Note that (at least with older gcc's), the attribute only works on the function declaration (prototype), not on the definition. I think doing this throughout the source would be an excellent idea (but fairly time-consuming). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Nov 30 19:36:21 2000 Delivered-To: freebsd-audit@freebsd.org Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by hub.freebsd.org (Postfix) with ESMTP id 0F15737B400 for ; Thu, 30 Nov 2000 19:36:20 -0800 (PST) Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.11.0/8.11.0) id eB13a0X06210; Thu, 30 Nov 2000 19:36:00 -0800 Date: Thu, 30 Nov 2000 19:36:00 -0800 
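The (2,3) versus (2,0) distinction from the message above, together with the macro indirection described earlier in the thread, as an added C example (not code from FreeBSD's cdefs.h or from any poster). The AUDIT_PRINTFLIKE macro and the audit_vlog, audit_log and audit_log_text functions are hypothetical names.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical wrapper macro in the style the thread describes: callers use
 * the macro, and only this definition knows the compiler-specific spelling.
 */
#if defined(__GNUC__)
#define AUDIT_PRINTFLIKE(fmtarg, firstvararg) \
    __attribute__((__format__(__printf__, fmtarg, firstvararg)))
#else
#define AUDIT_PRINTFLIKE(fmtarg, firstvararg)   /* no checking available */
#endif

/* The attribute is attached to the declarations (prototypes). */

/* va_list flavour: there are no arguments to check, so the last number is 0. */
int audit_vlog(char *buf, size_t len, const char *fmt, va_list ap)
    AUDIT_PRINTFLIKE(3, 0);

/* "..." flavour: the format is argument 3, the first argument to check is 4. */
int audit_log(char *buf, size_t len, const char *fmt, ...)
    AUDIT_PRINTFLIKE(3, 4);

int
audit_vlog(char *buf, size_t len, const char *fmt, va_list ap)
{
    int n = vsnprintf(buf, len, fmt, ap);

    /* Report truncation as an error instead of handing back a cut string. */
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int
audit_log(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = audit_vlog(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/*
 * Logging text that comes from outside the program. The unsafe form is
 *     audit_log(buf, len, untrusted);
 * where every '%' in the text is interpreted as a conversion. Because of the
 * attribute on audit_log(), gcc -Wformat -Wformat-security reports that call
 * (format not a string literal and no format arguments). The safe form
 * passes the text as data for a constant format.
 */
int
audit_log_text(char *buf, size_t len, const char *untrusted)
{
    return audit_log(buf, len, "%s", untrusted);
}
```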
From: Brooks Davis To: Peter Jeremy Cc: Steve Kargl , audit@FreeBSD.ORG Subject: Re: gcc __attributes for format strings Message-ID: <20001130193600.A4439@Odin.AC.HMC.Edu> References: <20001126222048.A46809@citusc17.usc.edu> <200011271604.eARG49V29464@troutmask.apl.washington.edu> <20001201134903.H1474@gsmx07.alcatel.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20001201134903.H1474@gsmx07.alcatel.com.au>; from peter.jeremy@alcatel.com.au on Fri, Dec 01, 2000 at 01:49:03PM +1100 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG

On Fri, Dec 01, 2000 at 01:49:03PM +1100, Peter Jeremy wrote:
> In general, gcc attributes are not directly put in the code. Rather
> there are a series of macros in which map 4.4BSD
> attributes onto compiler-specific attributes. If we move to a
> different compiler, we just need to change cdefs.h

Too bad this won't work in general. As far as I can tell, Solaris and IRIX use magic comments like so [from IRIX 6.4]:

    /* PRINTFLIKE2 */
    extern int fprintf(FILE *, const char *, ...);
    /* SCANFLIKE2 */
    extern int fscanf(FILE *, const char *, ...);

They don't appear to have any support for __dead2 like declarations on non-returning functions though. MSVC++ has __declspec(blah) before the function declaration, but they don't seem to have any printf verification support, just noreturn.

ISO should pull its head out of its ass and declare a standard. This information is just too useful for a compiler not to have access to it when trying to catch stupid user tricks. Of the options I found last week when I was looking, I like gcc's __attribute__ best. The current state of the world pretty much sucks.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Nov 30 20:11:39 2000 Delivered-To: freebsd-audit@freebsd.org Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27]) by hub.freebsd.org (Postfix) with ESMTP id AEE8137B400 for ; Thu, 30 Nov 2000 20:11:35 -0800 (PST) Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1]) by netau1.alcanet.com.au (8.9.3 (PHNE_18979)/8.9.3) with ESMTP id PAA24762; Fri, 1 Dec 2000 15:11:30 +1100 (EDT) Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au (PMDF V5.2-32 #37641) with ESMTP id <01JX70CP9UG0E7XCIK@cim.alcatel.com.au>; Fri, 1 Dec 2000 15:11:25 +1100 Received: (from jeremyp@localhost) by gsmx07.alcatel.com.au (8.11.0/8.11.0) id eB14BLW03530; Fri, 01 Dec 2000 15:11:21 +1100 (EST envelope-from jeremyp) Content-return: prohibited Date: Fri, 01 Dec 2000 15:11:21 +1100 
From: Peter Jeremy Subject: Re: gcc __attributes for format strings In-reply-to: <20001130193600.A4439@Odin.AC.HMC.Edu>; from brooks@one-eyed-alien.net on Thu, Nov 30, 2000 at 07:36:00PM -0800 To: Brooks Davis Cc: audit@FreeBSD.ORG Mail-followup-to: Brooks Davis , audit@FreeBSD.ORG Message-id: <20001201151121.J1474@gsmx07.alcatel.com.au> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-disposition: inline User-Agent: Mutt/1.2.5i References: <20001126222048.A46809@citusc17.usc.edu> <200011271604.eARG49V29464@troutmask.apl.washington.edu> <20001201134903.H1474@gsmx07.alcatel.com.au> <20001130193600.A4439@Odin.AC.HMC.Edu> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG

On 2000-Nov-30 19:36:00 -0800, Brooks Davis wrote:
>On Fri, Dec 01, 2000 at 01:49:03PM +1100, Peter Jeremy wrote:
>> In general, gcc attributes are not directly put in the code. Rather
>> there are a series of macros in which map 4.4BSD
>> attributes onto compiler-specific attributes. If we move to a
>> different compiler, we just need to change cdefs.h
>
>Too bad this won't work in general.

I know. The ANSI standard reserved #pragma for these sorts of compiler hints. Unfortunately, #pragma is totally useless for portable code. The GCC documentation says it best:

" Some people object to the `__attribute__' feature, suggesting that ANSI C's `#pragma' should be used instead. There are two reasons for not doing this.

1. It is impossible to generate `#pragma' commands from a macro.

2. There is no telling what the same `#pragma' might mean in another compiler.

These two reasons apply to almost any application that might be proposed for `#pragma'. It is basically a mistake to use `#pragma' for _anything_."

> ISO should pull its head out of its ass and declare a standard.

It needs to declare a standard that is useful and extensible.
#pragma only achieves the latter but by having a null set of standard meanings and not allowing macros, it totally fails to be useful. Using magic comment strings has a fairly long history, but is similarly useless due to its inability to be used with macros. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Nov 30 20:16:28 2000 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id E38D437B400; Thu, 30 Nov 2000 20:16:24 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id eB14GNf06909; Thu, 30 Nov 2000 23:16:24 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Thu, 30 Nov 2000 23:16:23 -0500 (EST) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: audit@FreeBSD.org Cc: security-officer@FreeBSD.org Subject: Solicitation for auditing process announcement Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG

John Baldwin made the recommendation that we should be more generally announcing and recommending the use of audit@ as a source of reviews. As such, I'd like for us to send out a two-fold announcement, first indicating that audit@ is willing to do review-on-demand and should be used, especially for security-oriented commits (changes to kernel security code, daemons running with privilege, and setugid binaries). Also, to appeal for those willing to help do code reviews for security purposes.

I'll probably draft something up tomorrow, but wanted to solicit comments on the best way to phrase it, what ideas I should be presenting, and so on. I'd really like to persuade our less security-sensitive committers that there is a reviewing resource available that can help improve their code, and persuade those willing to do reviews that this can be a forum for doing so.

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Nov 30 20:46:24 2000 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 2DCA637B400 for ; Thu, 30 Nov 2000 20:46:22 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id eB14k8f07212; Thu, 30 Nov 2000 23:46:08 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Thu, 30 Nov 2000 23:46:08 -0500 (EST)
From: Robert Watson X-Sender: robert@fledge.watson.org To: Matthew Jacob Cc: audit@FreeBSD.org Subject: Re: Solicitation for auditing process announcement In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG

On Thu, 30 Nov 2000, Matthew Jacob wrote:

> >indicating that audit@ is willing to do review-on-demand and should be
>
> What does 'review on demand' mean?

It means that we're too laid back to have figured out rigorous, pro-active re-auditing of the source tree, and instead we sit there and wait until someone e-mails audit@ saying, ``I'm going to make the following stupid changes to the following setuid binaries, could you take a look and OK them before I drive-by commit them twenty minutes before the release?''

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Nov 30 20:50:25 2000 Delivered-To: freebsd-audit@freebsd.org Received: from feral.com (feral.com [192.67.166.1]) by hub.freebsd.org (Postfix) with ESMTP id 7F9CB37B400; Thu, 30 Nov 2000 20:50:23 -0800 (PST) Received: from beppo (beppo [192.67.166.79]) by feral.com (8.9.3/8.9.3) with ESMTP id UAA29118; Thu, 30 Nov 2000 20:50:27 -0800 Date: Thu, 30 Nov 2000 20:50:27 -0800 (PST)
From: Matthew Jacob Reply-To: mjacob@feral.com To: Robert Watson Cc: audit@FreeBSD.org Subject: Re: Solicitation for auditing process announcement In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG

Well, that describes what I thought the audit list was supposed to be. I'm just trying to figure out whether subscription to audit@ implies an obligation to review things sent to audit@. That comes from the 'review on demand' phrase. However, your usage of 'drive-by commit' sounds to me that the audit@ list is more like a get out of jail free card ....

I was just curious what you meant by the 'demand' portion. Really, just an idle question as I ponder which one of my 8 different projects to desultorily whack on some more tonite.

On Thu, 30 Nov 2000, Robert Watson wrote:

>
> On Thu, 30 Nov 2000, Matthew Jacob wrote:
>
> > >indicating that audit@ is willing to do review-on-demand and should be
> >
> > What does 'review on demand' mean?
>
> It means that we're too laid back to have figured out rigorous, pro-active
> re-auditing of the source tree, and instead we sit there and wait until
> someone e-mails audit@ saying, ``I'm going to make the following stupid
> changes to the following setuid binaries, could you take a look and OK
> them before I drive-by commit them twenty minutes before the release?''
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org NAI Labs, Safeport Network Services
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Thu Nov 30 22:52:29 2000 Delivered-To: freebsd-audit@freebsd.org Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193]) by hub.freebsd.org (Postfix) with ESMTP id 21ADE37B400 for ; Thu, 30 Nov 2000 22:52:26 -0800 (PST) Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190]) by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id eB16qOB195711 for ; Fri, 1 Dec 2000 01:52:24 -0500 (EST) Received: from muriel.penguinpowered.com ([198.82.100.195]) by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with ESMTP id <0G4V004RDN3B33@gkar.cc.vt.edu> for FreeBSD-audit@freebsd.org; Fri, 1 Dec 2000 01:52:23 -0500 (EST) Date: Fri, 01 Dec 2000 01:52:23 -0500 (EST) From: Mike Heffner Subject: manctl(8) tempfile fix To: FreeBSD-audit Message-id: MIME-version: 1.0 X-Mailer: XFMail 1.4.4 on FreeBSD Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 8bit X-Priority: 3 (Normal) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG

This patch changes manctl(8) to use mktemp rather than shell pid substitution for tempfile names. Reviews?

--- manctl.sh.orig Fri Dec 1 01:24:35 2000 +++ manctl.sh Fri Dec 1 01:42:39 2000 
@@ -94,12 +94,13 @@ else if [ $2 != "symbolic" ] ; then echo gunzipping page $pname 1>&2 - gunzip -c $pname > /tmp/manager.$$ + temp=`mktemp /tmp/managerXXXXXXXXXX` || exit 1 + gunzip -c $pname > $temp chmod u+w $pname - cp /tmp/manager.$$ $pname + cp $temp $pname chmod 444 $pname mv $pname $fname.$sect - rm /tmp/manager.$$ + rm -f $temp else # skip symlinks - this can be # a program like expn, which is @@ -180,11 +181,13 @@ ln ../$2 $fname else echo inlining page $fname 1>&2 + temp=`mktemp /tmp/managerXXXXXXXXXX` || exit 1 cat $fname | \ - (cd .. ; soelim ) > /tmp/manager.$$ + (cd .. ; soelim ) > $temp chmod u+w $fname - cp /tmp/manager.$$ $fname + cp $temp $fname chmod 444 $fname + rm -f $temp fi } @@ -279,13 +282,14 @@ else if [ $2 != "symbolic" ] ; then echo gzipping page $pname 1>&2 + temp=`mktemp /tmp/managerXXXXXXXXXX` || exit 1 cat $pname | \ - (cd .. ; soelim )| gzip -c -- > /tmp/manager.$$ + (cd .. ; soelim )| gzip -c -- > $temp chmod u+w $pname - cp /tmp/manager.$$ $pname + cp $temp $pname chmod 444 $pname mv $pname $pname.gz - rm /tmp/manager.$$ + rm -f $temp else # skip symlink - this can be # a program like expn, which is -- Mike Heffner Blacksburg, VA ICQ# 882073 http://my.ispchannel.com/~mheffner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Dec 1 14: 6:13 2000 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 82D6337B400 for ; Fri, 1 Dec 2000 14:06:08 -0800 (PST) Received: from earth.causticlabs.com (oca-c1s3-18.mfi.net [209.26.94.111]) by peitho.fxp.org (Postfix) with ESMTP id D04A213611; Fri, 1 Dec 2000 17:06:09 -0500 (EST) Received: by earth.causticlabs.com (Postfix, from userid 1000) id DC5CC1F5C; Fri, 1 Dec 2000 17:06:20 -0500 (EST) Date: Fri, 1 Dec 2000 17:06:20 -0500 
From: Chris Faulhaber To: Mike Heffner Cc: FreeBSD-audit Subject: Re: manctl(8) tempfile fix Message-ID: <20001201170620.A20094@earth.causticlabs.com> Mail-Followup-To: Chris Faulhaber , Mike Heffner , FreeBSD-audit References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from mheffner@vt.edu on Fri, Dec 01, 2000 at 01:52:23AM -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, Dec 01, 2000 at 01:52:23AM -0500, Mike Heffner wrote: > This patch changes manctl(8) to use mktemp rather than shell pid substitution > for tempfile names. Reviews? > > > --- manctl.sh.orig Fri Dec 1 01:24:35 2000 > +++ manctl.sh Fri Dec 1 01:42:39 2000 > @@ -94,12 +94,13 @@ > else > if [ $2 != "symbolic" ] ; then > echo gunzipping page $pname 1>&2 > - gunzip -c $pname > /tmp/manager.$$ > + temp=`mktemp /tmp/managerXXXXXXXXXX` || exit 1 It might be better with: temp='mktemp -t manager` || exit 1 allowing mktemp(1) to use the user's TMPDIR or system's _PATH_TMP instead of hardcoding /tmp... > + gunzip -c $pname > $temp > chmod u+w $pname > - cp /tmp/manager.$$ $pname > + cp $temp $pname > chmod 444 $pname > mv $pname $fname.$sect > - rm /tmp/manager.$$ > + rm -f $temp > else > # skip symlinks - this can be > # a program like expn, which is > @@ -180,11 +181,13 @@ > ln ../$2 $fname > else > echo inlining page $fname 1>&2 > + temp=`mktemp /tmp/managerXXXXXXXXXX` || exit 1 > cat $fname | \ ...see above... > - (cd .. ; soelim ) > /tmp/manager.$$ > + (cd .. ; soelim ) > $temp > chmod u+w $fname > - cp /tmp/manager.$$ $fname > + cp $temp $fname > chmod 444 $fname > + rm -f $temp > fi > } 
> > @@ -279,13 +282,14 @@ > else > if [ $2 != "symbolic" ] ; then > echo gzipping page $pname 1>&2 > + temp=`mktemp /tmp/managerXXXXXXXXXX` || exit 1 > cat $pname | \ ...see above... > - (cd .. ; soelim )| gzip -c -- > /tmp/manager.$$ > + (cd .. ; soelim )| gzip -c -- > $temp > chmod u+w $pname > - cp /tmp/manager.$$ $pname > + cp $temp $pname > chmod 444 $pname > mv $pname $pname.gz > - rm /tmp/manager.$$ > + rm -f $temp > else > # skip symlink - this can be > # a program like expn, which is > ...otherwise, looks ok -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Dec 1 14:52:17 2000 Delivered-To: freebsd-audit@freebsd.org Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193]) by hub.freebsd.org (Postfix) with ESMTP id 506D337B400 for ; Fri, 1 Dec 2000 14:52:14 -0800 (PST) Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190]) by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id eB1MqCB326912; Fri, 1 Dec 2000 17:52:12 -0500 (EST) Received: from muriel.penguinpowered.com ([198.82.100.195]) by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10) with ESMTP id <0G4W00C4DVIZ5H@gkar.cc.vt.edu>; Fri, 1 Dec 2000 17:52:11 -0500 (EST) Date: Fri, 01 Dec 2000 17:52:11 -0500 (EST) 
From: Mike Heffner Subject: Re: manctl(8) tempfile fix In-reply-to: <20001201170620.A20094@earth.causticlabs.com> To: Chris Faulhaber Cc: FreeBSD-audit Message-id: MIME-version: 1.0 X-Mailer: XFMail 1.4.4 on FreeBSD Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 8bit X-Priority: 3 (Normal) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 01-Dec-2000 Chris Faulhaber wrote: | > | > --- manctl.sh.orig Fri Dec 1 01:24:35 2000 | > +++ manctl.sh Fri Dec 1 01:42:39 2000 | > @@ -94,12 +94,13 @@ | > else | > if [ $2 != "symbolic" ] ; then | > echo gunzipping page $pname 1>&2 | > - gunzip -c $pname > /tmp/manager.$$ | > + temp=`mktemp /tmp/managerXXXXXXXXXX` || | > exit 1 | | It might be better with: | | temp='mktemp -t manager` || exit 1 | | allowing mktemp(1) to use the user's TMPDIR or system's _PATH_TMP instead | of hardcoding /tmp... | Alright, I was considering this, but I figured I would leave it how it was, anyways here's a new patch: --- manctl.sh.orig Fri Dec 1 01:24:35 2000 +++ manctl.sh Fri Dec 1 17:48:47 2000 @@ -94,12 +94,13 @@ else if [ $2 != "symbolic" ] ; then echo gunzipping page $pname 1>&2 - gunzip -c $pname > /tmp/manager.$$ + temp=`mktemp -t manager` || exit 1 + gunzip -c $pname > $temp chmod u+w $pname - cp /tmp/manager.$$ $pname + cp $temp $pname chmod 444 $pname mv $pname $fname.$sect - rm /tmp/manager.$$ + rm -f $temp else # skip symlinks - this can be # a program like expn, which is @@ -180,11 +181,13 @@ ln ../$2 $fname else echo inlining page $fname 1>&2 + temp=`mktemp -t manager` || exit 1 cat $fname | \ - (cd .. ; soelim ) > /tmp/manager.$$ + (cd .. ; soelim ) > $temp chmod u+w $fname - cp /tmp/manager.$$ $fname + cp $temp $fname chmod 444 $fname + rm -f $temp fi } 
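Review bot: in this hunk (and the other two) $temp is used unquoted in cp $temp $fname and rm -f $temp, which was harmless with a fixed /tmp template but is not once mktemp -t manager takes its directory from the user's TMPDIR: a TMPDIR containing whitespace makes cp and rm split the path into several words and act on the wrong names. Suggest quoting it as "$temp" everywhere it is used. The temp file is also only removed on the straight-line path, so an interrupt between the mktemp and the rm -f leaves it behind; a trap that removes "$temp" on exit and on INT/TERM, set right after the mktemp, would cover that.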
@@ -279,13 +282,14 @@ else if [ $2 != "symbolic" ] ; then echo gzipping page $pname 1>&2 + temp=`mktemp -t manager` || exit 1 cat $pname | \ - (cd .. ; soelim )| gzip -c -- > /tmp/manager.$$ + (cd .. ; soelim )| gzip -c -- > $temp chmod u+w $pname - cp /tmp/manager.$$ $pname + cp $temp $pname chmod 444 $pname mv $pname $pname.gz - rm /tmp/manager.$$ + rm -f $temp else # skip symlink - this can be # a program like expn, which is -- Mike Heffner Blacksburg, VA ICQ# 882073 http://my.ispchannel.com/~mheffner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Dec 2 4:54:16 2000 Delivered-To: freebsd-audit@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 2028B37B400 for ; Sat, 2 Dec 2000 04:54:10 -0800 (PST) Received: from earth.causticlabs.com (oca-c1s1-18.mfi.net [209.26.94.19]) by peitho.fxp.org (Postfix) with ESMTP id 874081360E for ; Sat, 2 Dec 2000 07:54:12 -0500 (EST) Received: by earth.causticlabs.com (Postfix, from userid 1000) id 114311F5C; Sat, 2 Dec 2000 07:54:33 -0500 (EST) Date: Sat, 2 Dec 2000 07:54:33 -0500 
From: Chris Faulhaber To: freebsd-audit@FreeBSD.org Subject: newsyslog(8) fixes Message-ID: <20001202075433.A20840@earth.causticlabs.com> Mail-Followup-To: Chris Faulhaber , freebsd-audit@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG The following patch corrects the following: o Fix MAXHOSTNAMELEN usage ([MAXHOSTNAMELEN + 1] -> [MAXHOSTNAMELEN]) o Fix MAXPATHLEN usage ([MAXPATHLEN + 1] -> [MAXPATHLEN]) o Check return values of malloc() and strdup() o Fix strcpy()/strcat()/sprintf() usage with strlcpy()/snprintf Comments? Also, I have quite a few small patches for review at: http://www.fxp.org/~jedgar/FreeBSD/diffs/ (mostly malloc()/strdup() return value checks along with other nits) -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org Index: newsyslog.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/newsyslog/newsyslog.c,v retrieving revision 1.29 diff -u -r1.29 newsyslog.c --- newsyslog.c 2000/08/15 09:34:41 1.29 +++ newsyslog.c 2000/12/01 15:12:08 @@ -92,7 +92,7 @@ #define MIN_PID 5 #define MAX_PID 99999 /* was lower, see /usr/include/sys/proc.h */ -char hostname[MAXHOSTNAMELEN + 1]; /* hostname */ +char hostname[MAXHOSTNAMELEN]; /* hostname */ char *daytime; /* timenow in human readable form */ static struct conf_entry *parse_file(char **files); 
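Review bot: shrinking hostname from [MAXHOSTNAMELEN + 1] to [MAXHOSTNAMELEN] at this declaration is only safe if the code that fills the buffer bounds the write by sizeof(hostname) and NUL-terminates it, and that call site does not appear in any hunk of this diff. Please either include it in the patch or state in the commit message that it was checked, since the old + 1 may have been the only room left for the terminator.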
@@ -290,13 +290,16 @@ } if (!first) { - working = (struct conf_entry *) malloc(sizeof(struct conf_entry)); + if ((working = (struct conf_entry *) malloc(sizeof(struct conf_entry))) == NULL) + err(1, "malloc"); first = working; } else { - working->next = (struct conf_entry *) malloc(sizeof(struct conf_entry)); + if ((working->next = (struct conf_entry *) malloc(sizeof(struct conf_entry))) == NULL) + err(1, "malloc"); working = working->next; } - working->log = strdup(q); + if ((working->log = strdup(q)) == NULL) + err(1, "strdup"); q = parse = missing_field(sob(++parse), errline); parse = son(parse); @@ -474,9 +477,9 @@ dotrim(char *log, char *pid_file, int numdays, int flags, int perm, int owner_uid, int group_gid, int sig) { - char dirpart[MAXPATHLEN + 1], namepart[MAXPATHLEN + 1]; - char file1[MAXPATHLEN + 1], file2[MAXPATHLEN + 1]; - char zfile1[MAXPATHLEN + 1], zfile2[MAXPATHLEN + 1]; + char dirpart[MAXPATHLEN], namepart[MAXPATHLEN]; + char file1[MAXPATHLEN], file2[MAXPATHLEN]; + char zfile1[MAXPATHLEN], zfile2[MAXPATHLEN]; int notified, need_notification, fd, _numdays; struct stat st; pid_t pid; @@ -496,15 +499,15 @@ /* build complete name of archive directory into dirpart */ if (*archdirname == '/') { /* absolute */ - strcpy(dirpart, archdirname); + strlcpy(dirpart, archdirname, sizeof(dirpart)); } else { /* relative */ /* get directory part of logfile */ - strcpy(dirpart, log); + strlcpy(dirpart, log, sizeof(dirpart)); if ((p = rindex(dirpart, '/')) == NULL) dirpart[0] = '\0'; else *(p + 1) = '\0'; - strcat(dirpart, archdirname); + strlcat(dirpart, archdirname, sizeof(dirpart)); } /* check if archive directory exists, if not, create it */ 
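Review bot: the strlcpy()/strlcat() calls that build dirpart in the last hunk above ignore their return values, so an over-long log path or archdirname is now silently truncated rather than overflowing, and the code right below goes on to check for, and create, whatever directory the truncated string happens to name. Compare each result against sizeof(dirpart) and stop on truncation, for example: if (strlcpy(dirpart, archdirname, sizeof(dirpart)) >= sizeof(dirpart)) errx(1, "archive directory name too long"). The same applies to the snprintf() calls that build file1 and zfile1 in the following hunks, whose results are cast to void.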
@@ -513,19 +516,19 @@ /* get filename part of logfile */ if ((p = rindex(log, '/')) == NULL) - strcpy(namepart, log); + strlcpy(namepart, log, sizeof(namepart)); else - strcpy(namepart, p + 1); + strlcpy(namepart, p + 1, sizeof(namepart)); /* name of oldest log */ - (void) sprintf(file1, "%s/%s.%d", dirpart, namepart, numdays); - (void) strcpy(zfile1, file1); - (void) strcat(zfile1, COMPRESS_POSTFIX); + (void) snprintf(file1, sizeof(file1), "%s/%s.%d", dirpart, namepart, numdays); + (void) snprintf(zfile1, sizeof(zfile1), "%s%s", file1, + COMPRESS_POSTFIX); } else { /* name of oldest log */ - (void) sprintf(file1, "%s.%d", log, numdays); - (void) strcpy(zfile1, file1); - (void) strcat(zfile1, COMPRESS_POSTFIX); + (void) snprintf(file1, sizeof(file1), "%s.%d", log, numdays); + (void) snprintf(zfile1, sizeof(zfile1), "%s%s", file1, + COMPRESS_POSTFIX); } if (noaction) { @@ -540,18 +543,18 @@ _numdays = numdays; /* preserve */ while (numdays--) { - (void) strcpy(file2, file1); + (void) strlcpy(file2, file1, sizeof(file2)); if (archtodir) - (void) sprintf(file1, "%s/%s.%d", dirpart, namepart, numdays); + (void) snprintf(file1, sizeof(file1), "%s/%s.%d", dirpart, namepart, numdays); else - (void) sprintf(file1, "%s.%d", log, numdays); + (void) snprintf(file1, sizeof(file1), "%s.%d", log, numdays); - (void) strcpy(zfile1, file1); - (void) strcpy(zfile2, file2); + (void) strlcpy(zfile1, file1, sizeof(zfile1)); + (void) strlcpy(zfile2, file2, sizeof(zfile2)); if (lstat(file1, &st)) { - (void) strcat(zfile1, COMPRESS_POSTFIX); - (void) strcat(zfile2, COMPRESS_POSTFIX); + (void) strlcat(zfile1, COMPRESS_POSTFIX, sizeof(zfile1)); + (void) strlcat(zfile2, COMPRESS_POSTFIX, sizeof(zfile2)); if (lstat(zfile1, &st)) continue; } @@ -633,7 +636,7 @@ sleep(10); } if (archtodir) { - (void) sprintf(file1, "%s/%s", dirpart, namepart); + (void) snprintf(file1, sizeof(file1), "%s/%s", dirpart, namepart); compress_log(file1); } else { compress_log(log); 
@@ -662,9 +665,9 @@ compress_log(char *log) { pid_t pid; - char tmp[MAXPATHLEN + 1]; + char tmp[MAXPATHLEN]; - (void) sprintf(tmp, "%s.0", log); + (void) snprintf(tmp, sizeof(tmp), "%s.0", log); pid = fork(); if (pid < 0) err(1, "fork"); @@ -697,26 +700,26 @@ /* build name of archive directory into tmp */ if (*archdirname == '/') { /* absolute */ - strcpy(tmp, archdirname); + strlcpy(tmp, archdirname, sizeof(tmp)); } else { /* relative */ /* get directory part of logfile */ - strcpy(tmp, file); + strlcpy(tmp, file, sizeof(tmp)); if ((p = rindex(tmp, '/')) == NULL) tmp[0] = '\0'; else *(p + 1) = '\0'; - strcat(tmp, archdirname); + strlcat(tmp, archdirname, sizeof(tmp)); } - strcat(tmp, "/"); + strlcat(tmp, "/", sizeof(tmp)); /* get filename part of logfile */ if ((p = rindex(file, '/')) == NULL) - strcat(tmp, file); + strlcat(tmp, file, sizeof(tmp)); else - strcat(tmp, p + 1); + strlcat(tmp, p + 1, sizeof(tmp)); } else { - (void) strcpy(tmp, file); + (void) strlcpy(tmp, file, sizeof(tmp)); } if (stat(strcat(tmp, ".0"), &sb) < 0) 
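Review bot: the final context line of the hunk above, stat(strcat(tmp, ".0"), &sb), is left as an unbounded strcat() even though every other write to tmp in the hunk was converted to strlcpy()/strlcat(). If the preceding calls fill tmp up to sizeof(tmp) - 1, appending ".0" writes past the end of the buffer. Suggest doing the append as strlcat(tmp, ".0", sizeof(tmp)) with a truncation check, then calling stat(tmp, &sb). The declaration of tmp in this function is also outside the hunk; please confirm it is an array, because sizeof(tmp) on a pointer would bound all of these copies to the size of the pointer.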
@@ -886,7 +889,7 @@ createdir(char *dirpart) { char *s, *d; - char mkdirpath[MAXPATHLEN + 1]; + char mkdirpath[MAXPATHLEN]; struct stat st; s = dirpart; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sat Dec 2 8:35:23 2000 Delivered-To: freebsd-audit@freebsd.org Received: from mailout05.sul.t-online.com (mailout05.sul.t-online.com [194.25.134.82]) by hub.freebsd.org (Postfix) with ESMTP id C3C4037B400 for ; Sat, 2 Dec 2000 08:35:18 -0800 (PST) Received: from fwd05.sul.t-online.com by mailout05.sul.t-online.com with smtp id 142FcK-0001TJ-07; Sat, 02 Dec 2000 17:34:28 +0100 Received: from neutron.cichlids.com (520050424122-0001@[62.225.195.29]) by fmrl05.sul.t-online.com with esmtp id 142FcG-1lW8fYC; Sat, 2 Dec 2000 17:34:24 +0100 Received: from cichlids.cichlids.com (cichlids.cichlids.com [192.168.0.10]) by neutron.cichlids.com (Postfix) with ESMTP id 244E7AB91; Sat, 2 Dec 2000 17:36:30 +0100 (CET) Received: by cichlids.cichlids.com (Postfix, from userid 1001) id 116E614A63; Sat, 2 Dec 2000 17:34:38 +0100 (CET) Date: Sat, 2 Dec 2000 17:34:37 +0100 To: =?iso-8859-1?Q?Joachim_Str=F6mbergson?= Cc: Kris Kennaway , audit@FreeBSD.ORG Subject: Re: Project for auditors Message-ID: <20001202173437.B33987@cichlids.cichlids.com> References: <20001124143336.A70550@citusc17.usc.edu> <3A2141A0.7BF149C4@ludd.luth.se> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <3A2141A0.7BF149C4@ludd.luth.se>; from watchman@ludd.luth.se on Sun, Nov 26, 2000 at 06:00:16PM +0100 X-PGP-Fingerprint: 44 28 CA 4C 46 5B D3 A8 A8 E3 BA F3 4E 60 7D 7F X-PGP-at: finger alex@big.endian.de X-Verwirrung: Dieser Header dient der allgemeinen Verwirrung. 
From: alex@big.endian.de (Alexander Langer) X-Sender: 520050424122-0001@t-dialin.net Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG

Thus spake Joachim Strömbergson (watchman@ludd.luth.se):

> Also, in the quit.c the temp file is deleted by rm(tempname) on line
> 448. Should I use unlink() instead?

I don't know how the tmpfile is used, but what about unlinking it right after opening the file but keeping the fd open? If you then unlink again and it returns 0, you should re-create a tempfile and use the same procedure (because usually it shouldn't exist any more...)

(Warning: Maybe I'm having a wrong understanding of the unlink stuff at the moment)

Alex
--
cat: /home/alex/.sig: No such file or directory

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
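The unlink-after-open idea from the message above, written out as an added C example; it is not part of the thread and not code from mail(1). The names open_anon_tempfile() and roundtrip(), the example.XXXXXXXXXX template and the TMPDIR-then-/tmp lookup are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700	/* declares mkstemp() under strict -std= modes */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Create a private temporary file, remove its name at once and return the
 * still-open descriptor, or -1 on failure. Hypothetical helper.
 */
int
open_anon_tempfile(void)
{
	const char *dir = getenv("TMPDIR");
	char path[1024];
	int fd, n;

	if (dir == NULL || *dir == '\0')
		dir = "/tmp";
	n = snprintf(path, sizeof(path), "%s/example.XXXXXXXXXX", dir);
	if (n < 0 || (size_t)n >= sizeof(path))
		return (-1);		/* refuse a truncated template */

	/*
	 * mkstemp() opens with O_CREAT|O_EXCL and mode 0600; that, not the
	 * unlink below, is what stops someone pre-creating the name.
	 */
	fd = mkstemp(path);
	if (fd == -1)
		return (-1);

	/* Drop the name: the data is now reachable through fd only. */
	if (unlink(path) == -1) {
		close(fd);
		return (-1);
	}
	/*
	 * The check proposed in the message: a second unlink() should fail
	 * with ENOENT. Success means the name was re-created in between.
	 */
	if (unlink(path) == 0 || errno != ENOENT) {
		close(fd);
		return (-1);
	}
	return (fd);
}

/* Write msg through the nameless descriptor and read it back into out. */
int
roundtrip(int fd, const char *msg, char *out, size_t outlen)
{
	size_t len = strlen(msg);

	if (len + 1 > outlen)
		return (-1);
	if (write(fd, msg, len) != (ssize_t)len)
		return (-1);
	if (lseek(fd, 0, SEEK_SET) == (off_t)-1)
		return (-1);
	if (read(fd, out, len) != (ssize_t)len)
		return (-1);
	out[len] = '\0';
	return (0);
}

int
main(void)
{
	char buf[64];
	int fd = open_anon_tempfile();

	if (fd == -1 || roundtrip(fd, "constructed sample text", buf, sizeof(buf)) == -1) {
		perror("tempfile");
		return (1);
	}
	printf("read back: %s\n", buf);
	close(fd);		/* storage is released here; nothing to rm */
	return (0);
}
```

Because the name is gone before any data is written, there is no later rm or unlink() step to forget or to race against.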