Date:      Sat, 14 Oct 1995 19:19:54 -0700 (MST)
From:      Terry Lambert <terry@lambert.org>
To:        bde@zeta.org.au (Bruce Evans)
Cc:        jc@irbs.com, terry@lambert.org, freebsd-current@freefall.freebsd.org
Subject:   Re: phkmalloc and X programs
Message-ID:  <199510150219.TAA22252@phaeton.artisoft.com>
In-Reply-To: <199510142235.IAA27701@godzilla.zeta.org.au> from "Bruce Evans" at Oct 15, 95 08:35:20 am

> 
> >> Here is another broken X program.  Notice the assumption that
> >> malloc() returns zeroed memory.
> >> 
> >> xhost.c:
> >> 
> >>     namelen = strlen(name);
> >>     if ((lname = (char *)malloc(namelen)) == NULL) {
> >>         fprintf (stderr, "%s: malloc bombed in change_host\n", ProgramName);
> >>         exit (1);
> >>     }
> >>     for (i = 0; i < namelen; i++) {
> >>         lname[i] = tolower(name[i]);
> >>     }
> >>     if (!strncmp("inet:", lname, 5)) {
> >>     ...
> >>     ...
> 
> >The only assumption in this code is that namelen is >= 5.
> 
> Nope.  Suppose lname is initially "INOT:" and name is "inet"

Then namelen < 5 (== 4) and the code fails.  I already said that that
was the assumption.  8-).

Probably the "correct" "fix" is to change:
	if (!strncmp("inet:", lname, 5)) {
To:
	if (namelen >= 5 && !strncmp("inet:", lname, 5)) {

> >There is no assumption of null termination on the lname string implicit
> >in the malloc; if there were, it would be "namelen = strlen(name) + 1;".
> 
> That may be why the author thought that termination was unnecessary.

The author thought that the allocated area was >= 5 for any namelen,
making an assumption about the way the malloc on his system functioned,
such that lname[0..4] was an addressable location.

If the allocated area happened to contain "xxet:" and name was "in", it
would falsely hit positive.

This is statistically highly improbable.  Likely the code will function
in common use anyway.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
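
Added example, not part of the original message or of xhost.c: a deterministic model of the two cases discussed in the thread (stale "INOT:" with name "inet", stale "xxet:" with name "in"), comparing the original test with the `namelen >= 5` guard. The names `fill_lname`, `check_original`, `check_guarded` and the fixed `CHUNK` size are assumptions made for the illustration; the stale bytes are constructed and stand in for whatever a non-zeroing malloc() leaves in the chunk.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CHUNK 64   /* assumed size of the heap chunk backing lname */

/* Model what malloc(namelen) hands back: a chunk still holding `stale`
 * bytes (constructed sample data), of which only the first namelen are
 * overwritten by the tolower() loop. Names longer than CHUNK are cut. */
static size_t fill_lname(char chunk[CHUNK], const char *stale, const char *name)
{
    size_t namelen = strlen(name), stale_len = strlen(stale), i;

    memset(chunk, 0, CHUNK);
    memcpy(chunk, stale, stale_len < CHUNK ? stale_len : CHUNK);
    if (namelen > CHUNK)
        namelen = CHUNK;
    for (i = 0; i < namelen; i++)
        chunk[i] = (char)tolower((unsigned char)name[i]);
    return namelen;
}

/* The test as written in xhost.c: compares 5 bytes whatever namelen is. */
int check_original(const char *stale, const char *name)
{
    char chunk[CHUNK];
    fill_lname(chunk, stale, name);
    return strncmp("inet:", chunk, 5) == 0;
}

/* The test with the namelen >= 5 guard proposed in the message. */
int check_guarded(const char *stale, const char *name)
{
    char chunk[CHUNK];
    size_t namelen = fill_lname(chunk, stale, name);
    return namelen >= 5 && strncmp("inet:", chunk, 5) == 0;
}

int main(void)
{
    /* Constructed cases: {stale chunk contents, name argument}. */
    const char *cases[][2] = { {"", "in"}, {"xxet:", "in"},
                               {"INOT:", "inet"}, {"xxet:", "INET:host"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("stale=%-6s name=%-10s original=%d guarded=%d\n", cases[i][0],
               cases[i][1], check_original(cases[i][0], cases[i][1]),
               check_guarded(cases[i][0], cases[i][1]));
    return 0;
}
```

The empty-stale case models a malloc() that happens to return zeroed memory, which is why the original test appears to work there.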