From owner-freebsd-hackers Mon Jan 13 08:05:20 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id IAA18930 for hackers-outgoing; Mon, 13 Jan 1997 08:05:20 -0800 (PST)
Received: from labs.usn.blaze.net.au (labs.usn.blaze.net.au [203.17.53.30]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id IAA18924 for ; Mon, 13 Jan 1997 08:05:05 -0800 (PST)
Received: (from davidn@localhost) by labs.usn.blaze.net.au (8.8.4/8.8.4) id DAA01280; Tue, 14 Jan 1997 03:04:59 +1100 (EST)
Message-ID:
Date: Tue, 14 Jan 1997 03:04:58 +1100
From: davidn@unique.usn.blaze.net.au (David Nugent)
To: bde@zeta.org.au (Bruce Evans)
Cc: joerg_wunsch@uriah.heep.sax.de, hackers@FreeBSD.org
Subject: Re: unused variable in su
References: <199701131017.VAA14907@godzilla.zeta.org.au>
X-Mailer: Mutt 0.56
Mime-Version: 1.0
In-Reply-To: <199701131017.VAA14907@godzilla.zeta.org.au>; from Bruce Evans on Jan 13, 1997 21:17:04 +1100
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Bruce Evans writes:
> >> Still, it's fairly obfuscated code. It could be better worded:
> >
> >IMHO, it is fine (and yes, it should be strncpy()). Using the return
>
> It should be strdup(). Using strncpy() or snprintf() to handle buffer
> overflows by truncating the string is sloppy.

No, it is defensive programming, pure and simple. The buffer already IS
a reasonable size - in fact, it is the maximum legal path size. If the
string copied into it is too long, then it is going to get rejected by
the execvp() anyway - only the error number changes - EEXIST vs.
ENAMETOOLONG. Toss a coin, either approach is reasonable.

There is an advantage in the snprintf() case: at least you can detect
if the formatted string would have overflowed. Although it seems that
the snprintf() return value is not often (enough) checked. IMHO, it
should be, perhaps even via syslog(), if early notification of possible
attacks is useful.
I would agree that using arbitrarily undersized buffers is sloppy, but
that is not the case here.

Regards,

David Nugent - Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet
davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/
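An added illustration of the point made above about checking the snprintf() return value; this is example code written for this page, not su's source or anything from the thread. It copies a constructed path "/usr/local/bin/su" into a MAXPATHLEN buffer while pretending the destination is only bufsz bytes, so the truncation case can be exercised; the demo_* helpers and copy_path_* names are invented here.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/param.h>      /* MAXPATHLEN */

/* Build "dir/file" into dst. Returns 0 on success, or -1 with
 * errno = ENAMETOOLONG when the result would not fit: snprintf()
 * returns the length it needed, which is the truncation signal. */
int copy_path_snprintf(char *dst, size_t dstsz, const char *dir,
                       const char *file)
{
    int n = snprintf(dst, dstsz, "%s/%s", dir, file);
    if (n < 0)
        return -1;                      /* output error */
    if ((size_t)n >= dstsz) {           /* n = length that was needed */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Truncating strncpy() copy. strncpy() does not NUL-terminate when src
 * fills the buffer, so the terminator is forced; truncation is only
 * detectable by re-measuring src, strncpy() itself reports nothing. */
int copy_path_strncpy(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) >= dstsz;        /* 1 if truncated */
}

/* Constructed 17-byte path squeezed into a pretend bufsz-byte buffer.
 * Returns 0 if it fit, otherwise the errno value that was set. */
int demo_snprintf(size_t bufsz)
{
    char buf[MAXPATHLEN];
    if (bufsz > sizeof buf) bufsz = sizeof buf;
    errno = 0;
    if (copy_path_snprintf(buf, bufsz, "/usr/local/bin", "su") == 0)
        return 0;
    return errno;
}

int demo_strncpy(size_t bufsz)
{
    char buf[MAXPATHLEN];
    if (bufsz > sizeof buf) bufsz = sizeof buf;
    return copy_path_strncpy(buf, bufsz, "/usr/local/bin/su");
}
```

A caller that gets -1/ENAMETOOLONG from copy_path_snprintf() is the place to log (e.g. via syslog()) before giving up, which the strncpy() form cannot do without the extra strlen().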