From owner-freebsd-current  Sat Oct 14 19:28:40 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id TAA26408
          for current-outgoing; Sat, 14 Oct 1995 19:28:40 -0700
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id TAA26402
          for <freebsd-current@freefall.freebsd.org>; Sat, 14 Oct 1995 19:28:33 -0700
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id TAA22275; Sat, 14 Oct 1995 19:23:35 -0700
From: Terry Lambert <terry@lambert.org>
Message-Id: <199510150223.TAA22275@phaeton.artisoft.com>
Subject: Re: phkmalloc and X programs
To: jc@irbs.com (John Capo)
Date: Sat, 14 Oct 1995 19:23:34 -0700 (MST)
Cc: terry@lambert.org, jc@irbs.com, freebsd-current@freefall.freebsd.org
In-Reply-To: <199510142248.SAA14930@irbs.irbs.com> from "John Capo" at Oct 14, 95 06:48:35 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1266      
Sender: owner-current@FreeBSD.org
Precedence: bulk

> > The only assumption in this code is that namelen is >= 5.
> > 
> > There is no assumption of numm termination on the lname string implicit
> > in the malloc; if there were, it would be "namelen = strlen(name) + 1;".
> > 
> > 
> Ok, I didn't include enough code fragments.  Further down in the code:
> 
>     if (family == FamilyWild && (cp = strchr(lname, ':'))) {
>         *cp = '\0';
>         fprintf (stderr, "%s: unknown address family \"%s\"\n",
>                  ProgramName, lname);
>         return 0;
>     }

Oh.  This would be bad.

> lname is not NULL terminated unless malloc() returns zeroed memory.

Not even then, unless the memory is uniformly overallocated, and the
overallocated portion is zeroed as well as the requested portion.

Looks like the malloc(namelen) should be a calloc(namelen + 1).

> I have never seen anything that states that malloc() returns zeroed
> memory nor have I seen bzero/memset in the BSD malloc() sources.
> 
> Here is the failure:
> xhost +cleat
> xhost: unknown address family "cleatPPPPPPPPPPP0PPPPPPPPPPPPPPPs0).O\e"
> xhost:  bad hostname "cleat"

'P' for Pohl.  8-).


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.