Date:      Sat, 14 Oct 1995 18:48:35 -0400 (EDT)
From:      John Capo <jc@irbs.com>
To:        terry@lambert.org (Terry Lambert)
Cc:        jc@irbs.com, freebsd-current@freefall.freebsd.org
Subject:   Re: phkmalloc and X programs
Message-ID:  <199510142248.SAA14930@irbs.irbs.com>
In-Reply-To: <199510142136.OAA21875@phaeton.artisoft.com> from "Terry Lambert" at Oct 14, 95 02:36:26 pm

Terry Lambert writes:
> 
> > Here is another broken X program.  Notice the assumption that
> > malloc() returns zeroed memory.
> > 
> > xhost.c:
> > 
> >     namelen = strlen(name);
> >     if ((lname = (char *)malloc(namelen)) == NULL) {
> >         fprintf (stderr, "%s: malloc bombed in change_host\n", ProgramName);
> >         exit (1);
> >     }
> >     for (i = 0; i < namelen; i++) {
> >         lname[i] = tolower(name[i]);
> >     }
> >     if (!strncmp("inet:", lname, 5)) {
> >     ...
> >     ...
> 
> The only assumption in this code is that namelen is >= 5.
> 
> There is no assumption of null termination on the lname string implicit
> in the malloc; if there were, it would be "namelen = strlen(name) + 1;".
> 
> 
Ok, I didn't include enough code fragments.  Further down in the code:

    if (family == FamilyWild && (cp = strchr(lname, ':'))) {
        *cp = '\0';
        fprintf (stderr, "%s: unknown address family \"%s\"\n",
                 ProgramName, lname);
        return 0;
    }

lname is not NULL terminated unless malloc() returns zeroed memory.
I have never seen anything that states that malloc() returns zeroed
memory nor have I seen bzero/memset in the BSD malloc() sources.

Here is the failure:
xhost +cleat
xhost: unknown address family "cleatPPPPPPPPPPP0PPPPPPPPPPPPPPPs0).O\e"
xhost:  bad hostname "cleat"

strchr() wanders off through memory till it finds a ':' or a '\0'. In my case
it finds a ':' not too far away.

John Capo
IRBS Engineering                      High performance FreeBSD systems
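
The failure described in this message, replayed deterministically next to a corrected copy loop. This is an added example, not code from xhost.c or from either poster; `buggy_family_len`, `lower_dup`, the `ARENA` size and the position of the stray ':' are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARENA 32  /* constructed: stands in for the heap bytes around lname */

/* Copy pattern from the quoted xhost.c, replayed inside a junk-filled arena
 * so the over-read stays in bounds and is repeatable. Returns the length of
 * the "family" string that strchr() plus *cp = '\0' would hand to fprintf. */
size_t buggy_family_len(const char *name)
{
    char arena[ARENA + 1];
    size_t i, namelen = strlen(name);
    char *cp;

    if (namelen >= ARENA - 1) return 0;
    memset(arena, 'P', ARENA);       /* non-zeroed memory, as malloc may return */
    arena[ARENA - 1] = ':';          /* constructed: a stray ':' further along */
    arena[ARENA] = '\0';             /* keeps the demo itself well-defined */
    for (i = 0; i < namelen; i++)    /* copies namelen bytes, no terminator */
        arena[i] = (char)tolower((unsigned char)name[i]);
    cp = strchr(arena, ':');         /* scans past the copied bytes */
    *cp = '\0';
    return strlen(arena);
}

/* Corrected copy: one extra byte and an explicit terminator. Caller frees. */
char *lower_dup(const char *name)
{
    size_t i, namelen = strlen(name);
    char *lname = malloc(namelen + 1);
    if (lname == NULL)
        return NULL;
    for (i = 0; i < namelen; i++)
        lname[i] = (char)tolower((unsigned char)name[i]);
    lname[namelen] = '\0';
    return lname;
}

int main(void)
{
    char *l = lower_dup("Cleat");
    if (l == NULL) return 1;
    printf("buggy family length: %zu\n", buggy_family_len("cleat"));
    printf("fixed: \"%s\", has ':' = %d\n", l, strchr(l, ':') != NULL);
    free(l);
    return 0;
}
```

With the terminator in place, `strchr(lname, ':')` stops at the end of the copied name, so a plain hostname such as "cleat" no longer reaches the "unknown address family" branch through leftover heap bytes.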
