Date: Mon, 18 Aug 2003 13:19:51 +0200
From: Alexander Leidinger
To: "Chris Knight"
Cc: "'Jacques A. Vidrine'", ports@freebsd.org, audit@freebsd.org
Subject: Re: SecFix for databases/firebird, please review

On Mon, 18 Aug 2003 11:57:08 +1000
"Chris Knight" wrote:

> > This is bogus... this function should be rewritten so that it passes
> > in the size of the `string' argument. One can't just assume it is
> > MAXPATHLEN. Also, strlcat would be much nicer and safer here. If you
> > can't use strlcat, then one must explicitly NUL-terminate the buffer,
> > because strncat may fail to do so.
> >
> That's what I'm currently in the process of doing - passing in the
> size of the buffer to gds__prefix. It gets called with buffer
> lengths of 64, 100, 128, 256 and 1024.

Ugh... seems I've missed some calls...

> I'm probably going to have to use strncat to keep it a bit more
> portable.

That's the reason why I haven't used strlcat...

> > OK, I only looked at the first two patch files, but it is clear that
> > this should not be committed. IMHO, I also think this port _should_
> > be removed. But, if you decide to slog through it once more and
> > correct some of these problems, we'll be here for another look!
> >
> I don't particularly like it, but I'm inclined to agree with you - the
> port probably should go. I can always maintain the 1.0.x port outside
> of the FreeBSD Ports Tree and make it available on my Website with lots
> of warning labels. I'll get onto the Firebird 1.5 port pronto, which

We can add the warning labels also to the in tree port...

> should end this issue and put me out of my current misery.

And you're sure 1.5 is better in this regard?

Bye,
Alexander.

-- 
Give a man a fish and you feed him for a day; teach him to use
the Net and he won't bother you for weeks.

http://www.Leidinger.net                       Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
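
An added example, not code from this thread or from the Firebird sources: one portable way to do what the review asks for, with the caller passing the real buffer size, the buffer explicitly NUL-terminated, and an over-long result rejected rather than truncated. The names `bounded_append` and `prefix_path` and the sample paths are hypothetical; only standard C library calls are used, so it does not depend on strlcat.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Firebird's gds__prefix): append src to the string
 * in dst, where dst_size is the full size of the dst buffer. Returns 0 on
 * success, -1 if dst is unterminated or the result would not fit. */
static int bounded_append(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    size_t used, need;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    end = memchr(dst, '\0', dst_size);  /* never scan past the buffer */
    if (end == NULL)
        return -1;
    used = (size_t)(end - dst);
    need = strlen(src);
    if (need >= dst_size - used)        /* no room for src plus the NUL */
        return -1;
    memcpy(dst + used, src, need);
    dst[used + need] = '\0';            /* explicit termination */
    return 0;
}

/* Hypothetical prefix routine: build "<root>/<file>" in out. The caller
 * passes the real buffer size instead of the callee assuming MAXPATHLEN. */
int prefix_path(char *out, size_t out_size, const char *root, const char *file)
{
    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (bounded_append(out, out_size, root) != 0 ||
        bounded_append(out, out_size, "/") != 0 ||
        bounded_append(out, out_size, file) != 0) {
        out[0] = '\0';                  /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[64], large[1024];        /* two of the sizes named in the thread */
    const char *root = "/usr/local/firebird";          /* constructed sample */
    const char *file = "a-constructed-database-file-name-that-is-rather-long.gdb";
    printf("64:   %d \"%s\"\n", prefix_path(small, sizeof small, root, file), small);
    printf("1024: %d \"%s\"\n", prefix_path(large, sizeof large, root, file), large);
    return 0;
}
```

Returning an error on overflow matters for path building in particular: a silently truncated path is still a valid string and may name a different file than the caller intended.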