Date: Fri, 28 Sep 2007 21:11:51 -0500 (CDT)
From: "Sean C. Farley" <scf@FreeBSD.org>
To: Bruce Evans <brde@optusnet.com.au>
Cc: Dag-Erling Smørgrav <des@des.no>, src-committers@FreeBSD.org, cvs-all@FreeBSD.org, cvs-src@FreeBSD.org
Subject: Re: cvs commit: src/lib/libc/stdlib getenv.c
Message-ID: <alpine.BSF.0.9999.0709282058100.73365@thor.farley.org>
In-Reply-To: <20070925044617.O54030@delplex.bde.org>
References: <200709220230.l8M2UiRK020609@repoman.freebsd.org> <86r6krqbrd.fsf@ds4.des.no> <20070922202914.B90809@besplex.bde.org> <alpine.BSF.0.9999.0709220905390.52204@thor.farley.org> <20070925044617.O54030@delplex.bde.org>

On Tue, 25 Sep 2007, Bruce Evans wrote:

> On Sat, 22 Sep 2007, Sean C. Farley wrote:
>
>> On Sat, 22 Sep 2007, Bruce Evans wrote:
>>> ...
>>> Partial analysis:
>>> - the size_t variable must have a small value that is representable
>>>   as an int (else casting it to int would be a bug and/or printing a
>>>   line of that length would be a style bug).
>>
>> What would be a good maximum that would fit style?  Although still
>> fairly big, NL_TEXTMAX for the entire line looks plausible.
>
> 79 less the length of all other text on the line :-).

See below.

* snip *

>> Hopefully, no environment variables (name=value string) are anywhere
>> close in size to size_t.  :)
>
> Ah I see where the value comes from.  A malicious user could probably
> put > INT_MAX bytes in a single string in the environment on machines
> with 32-bit ints, 64 bit address space and lots of RAM, and then
> fork() but not exec().  That's close enough to user input for me.

See below.

* snip *

> A more refined version would use something like strvis(), and could
> use a smaller limit (with long corrupt strings indicated something
> like debuggers print long binary strings) since this is only
> debugging code, but *env.c is already too large for me.

OK.  I accepted the challenge to see how hard it would be.  Here is a
small ;) sample program[1] that fits the bill.

Features:
- Encodes characters using vis() to protect the tty.
- Limits display to 79 characters taking into account encoding.
- Shows a continuation string "..." if the string is too long.

Unfortunately, it is not small nor simple.  The encoding of characters
really adds complexity to the function due to variable sizes of
encodings.  Of course, I could have used strvis(), but that would have
limited the number of characters printed to 1/4 of the available space
(less than 40 characters based upon the length of the program name) even
if no encoding was necessary.

I think it would have been easier to just put a '.' in any non-printable
character's position.  I will see if there is a better way.

Sean
  1. http://www.farley.org/freebsd/tmp/safe_display.c
-- 
scf@FreeBSD.org
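
The three features listed in the message above, as an added sketch; it is not the safe_display.c linked from the message, whose contents are not shown on this page. It assumes a hand-rolled three-digit octal escape standing in for vis() so that it builds without <vis.h>, and the names safe_display and enc_width are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Columns a byte needs once encoded: 1 as-is, 2 for "\\", 4 for "\ooo". */
static size_t enc_width(unsigned char c)
{
    return c == '\\' ? 2 : isprint(c) ? 1 : 4;
}

/* Encode src into dst within cols columns (dst holds cols + 1 bytes).
 * An escape is never split; "..." marks truncation. Returns columns used. */
size_t safe_display(char *dst, size_t cols, const char *src)
{
    const unsigned char *p;
    size_t total = 0, used = 0, limit = cols, w;

    /* Pass 1: measure, stopping once over budget so a huge string is cheap. */
    for (p = (const unsigned char *)src; *p != '\0' && total <= cols; p++)
        total += enc_width(*p);
    if (total > cols)                   /* reserve room for "..." */
        limit = cols >= 3 ? cols - 3 : 0;
    /* Pass 2: emit whole encoded characters while they fit. */
    for (p = (const unsigned char *)src; *p != '\0'; p++) {
        w = enc_width(*p);
        if (used + w > limit)
            break;
        if (w == 1)
            dst[used] = (char)*p;
        else if (w == 2)
            memcpy(dst + used, "\\\\", 2);
        else
            snprintf(dst + used, 5, "\\%03o", (unsigned)*p);
        used += w;
    }
    if (total > cols && cols >= 3) {
        memcpy(dst + used, "...", 3);
        used += 3;
    }
    dst[used] = '\0';
    return used;
}

int main(void)
{
    char out[80];                       /* 79 columns + NUL */
    safe_display(out, 79, "TERM=\033[2J\007evil");  /* constructed input */
    puts(out);
    return 0;
}
```

Because the measuring pass stops as soon as the budget is exceeded, the work done and the value returned are bounded by the column count rather than by the length of the environment string, so the result is always safe to hold in an int.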