From owner-freebsd-audit Thu Jan 18 2:32:37 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from hand.dotat.at (sfo-gw.covalent.net [207.44.198.62]) by hub.freebsd.org (Postfix) with ESMTP id 1B2BB37B401 for ; Thu, 18 Jan 2001 02:32:21 -0800 (PST)
Received: from fanf by hand.dotat.at with local (Exim 3.15 #3) id 14JCMB-0008yf-00; Thu, 18 Jan 2001 10:31:51 +0000
Date: Thu, 18 Jan 2001 10:31:51 +0000
From: Tony Finch
To: Warner Losh
Cc: Chris Faulhaber , freebsd-audit@FreeBSD.ORG
Subject: Re: strlcat fixes
Message-ID: <20010118103151.F30538@hand.dotat.at>
References: <20010116174845.A95772@peitho.fxp.org> <200101162305.f0GN51s32264@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200101162305.f0GN51s32264@harmony.village.org>
Organization: Covalent Technologies, Inc
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Warner Losh wrote:
>In message <20010116174845.A95772@peitho.fxp.org> Chris Faulhaber writes:
>: The first ensures that memory is not read if strlcat is
>: called with a 0 size, ensuring potentially unallocated
>: memory is not read:
>:
>: - while (*d != '\0' && n-- != 0)
>: + while (n-- != 0 && *d != '\0')
>
>This doesn't matter. The only time this would matter would be if dst
>was NULL, which is undefined anyway. There's no reason to change this
>and it makes us gratuitously different than OpenBSD.

That is not correct. A possible situation in which the old code can blow
up is if the dst pointer has been advanced through a malloc()ed array, and
for some reason has reached one past the end of the array (a legal pointer
value, but not dereferenceable) and is therefore pointing into outer space
(past sbrk(0)).

Tony.
--
f.a.n.finch
fanf@covalent.net
dot@dotat.at
"Because all you of Earth are idiots!"

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
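Review bot: the "-" form evaluates `*d` before it checks `n`, so a call with size 0 still reads one byte through `dst` even though the caller has told the function it may not touch any; the "+" form, `while (n-- != 0 && *d != '\0')`, tests the count first and never dereferences when `n` is 0, so the reordering is the correct fix rather than a cosmetic one. One thing to confirm before committing: the two orderings leave `n` with different residual values when the loop stops on the terminator (the "+" form has decremented it once more), so check that nothing after the loop relies on `n` as left by the loop instead of recomputing it from `d - dst`.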
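The one-past-the-end scenario in the reply above, as an added example (not code from FreeBSD's or OpenBSD's libc): a strlcat with the count-first loop from the "+" line, called with size 0 through a pointer that is legal to form but not to dereference. The names `safe_strlcat`, `one_past_end_case` and `normal_case` are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* strlcat with the count checked before the dereference (the "+" line of
 * the quoted patch). The old ordering, *d != '\0' && n-- != 0, reads *d
 * even when n == 0, which is exactly the access the reply warns about. */
size_t safe_strlcat(char *dst, const char *src, size_t siz)
{
    char *d = dst;
    const char *s = src;
    size_t n = siz;
    size_t dlen;

    /* Find the end of dst, never looking past siz bytes and never
     * reading a byte at all when siz == 0. */
    while (n-- != 0 && *d != '\0')
        d++;
    dlen = d - dst;
    n = siz - dlen;          /* recomputed: the loop's residual n is not used */

    if (n == 0)
        return dlen + strlen(s);   /* nothing written; report needed length */
    while (*s != '\0') {
        if (n != 1) {
            *d++ = *s;
            n--;
        }
        s++;
    }
    *d = '\0';
    return dlen + (s - src);       /* length excluding the NUL */
}

/* The reply's scenario: dst has been advanced to one past the end of its
 * array. That pointer may be formed and compared but must not be read.
 * With siz == 0 the count-first loop touches no memory; the old ordering
 * would read *d here. Returns strlen(src), since dlen is 0. */
size_t one_past_end_case(void)
{
    char buf[8] = "abcdefg";          /* constructed: 7 chars + NUL */
    char *past = buf + sizeof buf;    /* one past the end, not dereferenceable */
    return safe_strlcat(past, "xyz", 0);
}

/* Ordinary use for contrast: appends within the buffer and truncates
 * while still NUL-terminating. */
size_t normal_case(char *out, size_t outsz)
{
    out[0] = 'a'; out[1] = 'b'; out[2] = '\0';   /* constructed prefix */
    return safe_strlcat(out, "cdefghijk", outsz);
}
```

Building with an address sanitizer and swapping the loop back to the "-" ordering makes `one_past_end_case` report the out-of-bounds read.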