Date: Sat, 14 Oct 1995 19:23:34 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: jc@irbs.com (John Capo) Cc: terry@lambert.org, jc@irbs.com, freebsd-current@freefall.freebsd.org Subject: Re: phkmalloc and X programs Message-ID: <199510150223.TAA22275@phaeton.artisoft.com> In-Reply-To: <199510142248.SAA14930@irbs.irbs.com> from "John Capo" at Oct 14, 95 06:48:35 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > The only assumption in this code is that namelen is >= 5.
> >
> > There is no assumption of numm termination on the lname string implicit
> > in the malloc; if there were, it would be "namelen = strlen(name) + 1;".
> >
> >
> Ok, I didn't include enough code fragments. Further down in the code:
>
> if (family == FamilyWild && (cp = strchr(lname, ':'))) {
> *cp = '\0';
> fprintf (stderr, "%s: unknown address family \"%s\"\n",
> ProgramName, lname);
> return 0;
> }
Oh. This would be bad.
> lname is not NULL terminated unless malloc() returns zeroed memory.
Not even then, unless the memory is uniformly overallocated, and the
overallocated portion is zeroed as well as the requested portion.
Looks like the malloc(namelen) should be a calloc(namelen + 1).
> I have never seen anything that states that malloc() returns zeroed
> memory nor have I seen bzero/memset in the BSD malloc() sources.
>
> Here is the failure:
> xhost +cleat
> xhost: unknown address family "cleatPPPPPPPPPPP0PPPPPPPPPPPPPPPs0).O\e"
> xhost: bad hostname "cleat"
'P' for Pohl. 8-).
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510150223.TAA22275>