From owner-freebsd-audit  Mon Sep 17  1:31:15 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP id 70EEE37B403
	for <freebsd-audit@FreeBSD.ORG>; Mon, 17 Sep 2001 01:31:07 -0700 (PDT)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.2/8.11.2) id f8H8Sa960317;
	Mon, 17 Sep 2001 11:28:36 +0300 (EEST)
	(envelope-from ru)
Date: Mon, 17 Sep 2001 11:28:36 +0300
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: "Andrew R. Reiter" <arr@watson.org>
Cc: freebsd-audit@FreeBSD.ORG
Subject: Re: dungeon master patch
Message-ID: <20010917112836.D48120@sunbay.com>
References: <20010914123454.B82568@sunbay.com> <Pine.NEB.3.96L.1010914150236.20183A-200000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.NEB.3.96L.1010914150236.20183A-200000@fledge.watson.org>; from arr@watson.org on Fri, Sep 14, 2001 at 03:03:17PM -0400
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

Andrew,

This isn't quite good either -- it silently truncates lines that
are bigger than the allowed amount.  How about this instead?

Also, fgetln(3) could be used in place of fgets(3) to read lines
of an arbitrary length, modulo the "last line doesn't end with
newline" issue.

On a side note, I think that we may safely replace strcasecmp()
with strcmp(), as in the original version the first letter of each
known keyword is checked against its lower case.

It could also be easily WARNSified at level 2 by attributing argc
with __unused.

Index: dm.c
===================================================================
RCS file: /home/ncvs/src/games/dm/dm.c,v
retrieving revision 1.8
diff -u -p -r1.8 dm.c
--- dm.c	1999/12/10 02:54:18	1.8
+++ dm.c	2001/09/17 08:23:43
@@ -135,30 +135,40 @@ void
 read_config()
 {
 	FILE *cfp;
-	char lbuf[BUFSIZ], f1[40], f2[40], f3[40], f4[40], f5[40];
+	char *lbuf, *f1, *f2, *f3, *f4, *f5;
+	size_t len;
 
 	if (!(cfp = fopen(_PATH_CONFIG, "r")))
 		return;
-	while (fgets(lbuf, sizeof(lbuf), cfp))
-		switch(*lbuf) {
-		case 'b':		/* badtty */
-			if (sscanf(lbuf, "%s%s", f1, f2) != 2 ||
-			    strcasecmp(f1, "badtty"))
-				break;
+	while ((lbuf = fgetln(cfp, &len)) != NULL) {
+		if (lbuf[len - 1] == '\n')
+			lbuf[len - 1] = '\0';
+		else
+			break;		/* Silently ignore. */
+		if ((f1 = strtok(lbuf, " \t")) == NULL)
+			continue;
+		if (strcasecmp(f1, "badtty") == 0) {
+			f2 = strtok(NULL, " \t");
+			if (f2 == NULL)
+				continue;
 			c_tty(f2);
-			break;
-		case 'g':		/* game */
-			if (sscanf(lbuf, "%s%s%s%s%s",
-			    f1, f2, f3, f4, f5) != 5 || strcasecmp(f1, "game"))
-				break;
+		} else if (strcasecmp(f1, "game") == 0) {
+			f2 = strtok(NULL, " \t");
+			f3 = strtok(NULL, " \t");
+			f4 = strtok(NULL, " \t");
+			f5 = strtok(NULL, " \t");
+			if (f5 == NULL)
+				continue;
 			c_game(f2, f3, f4, f5);
-			break;
-		case 't':		/* time */
-			if (sscanf(lbuf, "%s%s%s%s", f1, f2, f3, f4) != 4 ||
-			    strcasecmp(f1, "time"))
-				break;
+		} else if (strcasecmp(f1, "time") == 0) {
+			f2 = strtok(NULL, " \t");
+			f3 = strtok(NULL, " \t");
+			f4 = strtok(NULL, " \t");
+			if (f4 == NULL)
+				continue;
 			c_day(f2, f3, f4);
 		}
+	}
 	(void)fclose(cfp);
 }
 
On Fri, Sep 14, 2001 at 03:03:17PM -0400, Andrew R. Reiter wrote:
> --- dm.c.orig	Fri Sep 14 14:00:12 2001
> +++ dm.c	Fri Sep 14 14:03:07 2001
> @@ -142,20 +142,20 @@
>  	while (fgets(lbuf, sizeof(lbuf), cfp))
>  		switch(*lbuf) {
>  		case 'b':		/* badtty */
> -			if (sscanf(lbuf, "%s%s", f1, f2) != 2 ||
> +			if (sscanf(lbuf, "%39s%39s", f1, f2) != 2 ||
>  			    strcasecmp(f1, "badtty"))
>  				break;
>  			c_tty(f2);
>  			break;
>  		case 'g':		/* game */
> -			if (sscanf(lbuf, "%s%s%s%s%s",
> +			if (sscanf(lbuf, "%39s%39s%39s%39s%39s",
>  			    f1, f2, f3, f4, f5) != 5 || strcasecmp(f1, "game"))
>  				break;
>  			c_game(f2, f3, f4, f5);
>  			break;
>  		case 't':		/* time */
> -			if (sscanf(lbuf, "%s%s%s%s", f1, f2, f3, f4) != 4 ||
> -			    strcasecmp(f1, "time"))
> +			if (sscanf(lbuf, "%39s%39s%39s%39s", 
> +		 	    f1, f2, f3, f4) != 4 || strcasecmp(f1, "time"))
>  				break;
>  			c_day(f2, f3, f4);
>  		}


-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message