From: Terry Lambert
Subject: Re: Safe string formatting in the kernel
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Date: Wed, 13 Dec 2000 09:06:07 +0000 (GMT)
Cc: tlambert@primenet.com (Terry Lambert), kris@citusc.usc.edu, des@ofug.org (Dag-Erling Smorgrav), arch@FreeBSD.ORG
Message-Id: <200012130906.CAA27235@usr08.primenet.com>
In-Reply-To: <79446.976697492@critter> from "Poul-Henning Kamp" at Dec 13, 2000 09:51:32 AM

> >I've been a fan of this approach, ever since I fixed a memory
> >leak in the failure path (submitted via Matt Day in 1997).  It
> >is much more robust; I've been troubled by the mount option
> >cruft in BSD, and the more string stuff goes into the kernel,
> >the less happy I become with it.
>
> I don't necessarily see that as a bad thing :-)
>
> The main trouble is bad syscall API design: All strings should be
> passed by pointer+length, rather than asciiz semantics.

DEFINITELY.

This would let you do the allocation based on peeking at the
size prior to copying the whole string in.

Count prefix strings are one thing the C language has been
missing for years.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
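
An added example, not part of the original message and not FreeBSD code: a userland C sketch of the pointer+length copy-in discussed above, where the length is checked before any string byte is read and the allocation is sized exactly. The names counted_str, copy_counted and STR_MAX are hypothetical, and memcpy() stands in for the kernel's copyin().

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STR_MAX 1024	/* assumed policy limit, not a FreeBSD constant */

/* Hypothetical counted-string argument as a syscall might receive it. */
struct counted_str {
	const char *ptr;	/* caller's buffer (stands in for a user pointer) */
	size_t len;		/* byte count; no terminating NUL required */
};

/*
 * Copy a counted string into a freshly allocated, NUL-terminated buffer.
 * The length is validated first, so oversized requests fail before any
 * allocation or copy, and the buffer is exactly len + 1 bytes.
 */
int copy_counted(const struct counted_str *in, char **out)
{
	char *buf;

	*out = NULL;
	if (in->ptr == NULL)
		return EFAULT;
	if (in->len > STR_MAX)		/* peek at the size before copying */
		return ENAMETOOLONG;
	buf = malloc(in->len + 1);
	if (buf == NULL)
		return ENOMEM;
	memcpy(buf, in->ptr, in->len);
	if (memchr(buf, '\0', in->len) != NULL) {
		free(buf);		/* no leak on the failure path */
		return EINVAL;		/* embedded NUL would truncate C-string use */
	}
	buf[in->len] = '\0';
	*out = buf;
	return 0;
}

int main(void)
{
	/* Constructed sample: a mount-option string passed with its length. */
	struct counted_str opt = { "noatime,nosuid", 14 };
	char *s;
	int error = copy_counted(&opt, &s);

	printf("error=%d value=%s\n", error, error ? "(none)" : s);
	free(s);
	return 0;
}
```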