From owner-freebsd-arch Tue Dec 12 6:42:35 2000
From owner-freebsd-arch@FreeBSD.ORG Tue Dec 12 06:42:34 2000
Return-Path:
Delivered-To: freebsd-arch@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id F3F3A37B404; Tue, 12 Dec 2000 06:42:32 -0800 (PST)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id PAA61115; Tue, 12 Dec 2000 15:42:29 +0100 (CET) (envelope-from des@ofug.org)
Sender: des@ofug.org
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: assar@FreeBSD.ORG
Cc: Matt Dillon , kris@citusc.usc.edu, arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel
References: <20001211185610.A1741@citusc.usc.edu> <200012120259.eBC2xfb99004@earth.backplane.com> <5lhf4ap8cv.fsf@assaris.sics.se>
From: Dag-Erling Smorgrav
Date: 12 Dec 2000 15:42:29 +0100
In-Reply-To: assar@FreeBSD.ORG's message of "12 Dec 2000 05:32:48 +0100"
Message-ID:
Lines: 22
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

assar@FreeBSD.ORG writes:
> Matt Dillon writes:
> > strcpy() -> sn_strcpy(dst, src, sizeof_destination_buffer)
> > strcat() -> sn_strcat(dst, src, sizeof_destination_buffer)
> strlcpy and strlcat. Why keep the API different for no good reason?

Because there are other issues than just overflowing the buffer. There's
the issue of truncation (a lot of code uses snprintf() etc. without
checking if the resulting string was actually truncated, which may be a
security risk of its own), and there's the issue of using large amounts
of stack space for buffers (procfs and linprocfs are notorious offenders
in both these areas, but they're not the only ones). Vulnerabilities were
recently found in the procfs code which were successfully solved with
snprintf(), but could have been (and hopefully will be) solved in a much
more elegant and future-proof manner using sbufs.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
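The truncation point DES raises above, shown as an added example (not code from this thread or from FreeBSD): a buffer-bounded copy is only half the fix, because snprintf(), strlcpy() and strlcat() all report the length they *tried* to produce, and a caller that ignores that value hands on a silently shortened string. The example builds a constructed "/proc/<pid>/<file>" path three ways: unchecked snprintf() (the pattern the message warns about), snprintf() with its return value checked, and strlcpy()/strlcat() with their return values checked. The strlcpy()/strlcat() semantics are reimplemented here as `my_strlcpy`/`my_strlcat` only because not every libc provides them; the function names, buffer sizes and path values are the example's own assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

/* strlcpy semantics (reimplemented; assumption: host libc may lack it):
 * copy at most size-1 bytes, always NUL-terminate when size > 0, and
 * return strlen(src) so the caller can compare against size. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* strlcat semantics (reimplemented): append within size, return the
 * length the full concatenation would have had. */
size_t my_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = strnlen(dst, size);
    if (dstlen == size)              /* dst not terminated within size */
        return size + strlen(src);   /* nothing appended, report overflow */
    return dstlen + my_strlcpy(dst + dstlen, src, size - dstlen);
}

/* The unchecked pattern: whatever fits is returned as if it were the
 * whole path.  Included only to show what the checked variants reject. */
void unchecked_path(char *dst, size_t size, const char *dir, const char *file)
{
    (void)snprintf(dst, size, "%s/%s", dir, file);
}

/* snprintf() with the return value checked: a result >= size means the
 * output was cut short.  Returns false and empties dst on truncation so
 * that a partial path can never be used by mistake. */
bool build_path(char *dst, size_t size, const char *dir, const char *file)
{
    int n = snprintf(dst, size, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= size) {
        if (size > 0)
            dst[0] = '\0';
        return false;
    }
    return true;
}

/* Same check expressed with strlcpy()/strlcat(): every call is tested
 * against size, so truncation anywhere in the chain is caught. */
bool join_path(char *dst, size_t size, const char *dir, const char *file)
{
    if (my_strlcpy(dst, dir, size) >= size)
        return false;
    if (my_strlcat(dst, "/", size) >= size)
        return false;
    if (my_strlcat(dst, file, size) >= size)
        return false;
    return true;
}

int main(void)
{
    char small[12];   /* constructed: too small for "/proc/123/status" */
    char big[32];

    unchecked_path(small, sizeof small, "/proc/123", "status");
    printf("unchecked: \"%s\" (silently truncated)\n", small);
    printf("snprintf checked, 12 bytes: %s\n",
           build_path(small, sizeof small, "/proc/123", "status") ? "ok" : "truncated");
    printf("strlcpy/strlcat checked, 32 bytes: %s -> \"%s\"\n",
           join_path(big, sizeof big, "/proc/123", "status") ? "ok" : "truncated", big);
    return 0;
}
```

The detection rule is the same for all three bounded APIs: compare the returned length with the buffer size, and treat a result equal to or greater than the size as a failure rather than as a usable string.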