From owner-freebsd-arch  Mon Dec 11 23:31:39 2000
From owner-freebsd-arch@FreeBSD.ORG  Mon Dec 11 23:31:37 2000
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from critter.freebsd.dk (flutter.freebsd.dk [212.242.40.147])
	by hub.freebsd.org (Postfix) with ESMTP id A859A37B400
	for <arch@FreeBSD.ORG>; Mon, 11 Dec 2000 23:31:36 -0800 (PST)
Received: from critter (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.1/8.11.1) with ESMTP id eBC7U5L18192;
	Tue, 12 Dec 2000 08:30:06 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: Matt Dillon <dillon@earth.backplane.com>
Cc: kris@citusc.usc.edu, Dag-Erling Smorgrav <des@ofug.org>,
	arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel 
In-Reply-To: Your message of "Mon, 11 Dec 2000 18:59:41 PST."
             <200012120259.eBC2xfb99004@earth.backplane.com> 
Date: Tue, 12 Dec 2000 08:30:05 +0100
Message-ID: <18190.976606205@critter>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <200012120259.eBC2xfb99004@earth.backplane.com>, Matt Dillon writes:

>    sprintf(), strcpy(), and strcat().  But why not just replace those
>    functions with an snprintf() equivalent?  I don't think we really need
>    a dynamic string allocation mechanism in the kernel, there is virtually
>    nowhere where it would actually be of any use.

There are several places where this new API would make the code
simpler and less prone to overflowable errors.  procfs and various
netgraph nodes spring to mind immediately.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message