Date: Fri, 07 Oct 2005 11:55:54 -0700
From: Nate Lawson <nate@root.org>
To: Bruce Evans <bde@zeta.org.au>
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Pawel Jakub Dawidek <pjd@FreeBSD.org>, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/libkern strtok.c src/sys/sys libkern.h src/sys/conf files
Message-ID: <4346C4BA.5080308@root.org>
In-Reply-To: <20051008005134.Q58005@delplex.bde.org>
References: <20051006111026.BA71016A452@hub.freebsd.org> <4345607F.1080804@root.org> <20051008005134.Q58005@delplex.bde.org>

Bruce Evans wrote:
> On Thu, 6 Oct 2005, Nate Lawson wrote:
>
>> Pawel Jakub Dawidek wrote:
>>
>>> pjd 2005-10-06 11:10:10 UTC
>>>
>>> FreeBSD src repository
>>>
>>> Modified files:
>>>   sys/sys libkern.h
>>>   sys/conf files
>>> Added files:
>>>   sys/libkern strtok.c
>>> Log:
>>> Add strtok() and strtok_r() function to libkern.
>>> MFC after: 2 weeks
>>> Revision Changes Path
>>> 1.1055 +1 -0 src/sys/conf/files
>>> 1.1 +98 -0 src/sys/libkern/strtok.c (new)
>>> 1.51 +2 -0 src/sys/sys/libkern.h
>>
>>
>> Why is the kernel parsing strings? Seems like a good way to introduce
>> security flaws.
>
>
> sscanf() is a similar older mistake in the kernel. sscanf() is only
> slightly more useable than gets(), since its behaviour on overflow is
> undefined and input that is not parsed in other ways can easily cause
> overflow. (Its actual behaviour is to blindly truncate results.) In
> the kernel, more than half (by sscanf count) of its abuses are for %d
> or %x formats which can easily be handled right using strto[u]l().

I don't have time at the moment (working on new battery support) but I'd
appreciate it if you removed sscanf.

--
Nate
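
The quoted point about handling %d and %x with strto[u]l() instead of sscanf(), as an added example that is not part of the thread or of FreeBSD's source. It is userland C that relies on errno; the helper names parse_int_strict and parse_uint_strict are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not FreeBSD code): strict stand-in for sscanf("%d").
 * Returns 0 and stores the value on success, -1 on any malformed or
 * out-of-range input. */
int parse_int_strict(const char *s, int base, int *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0' || isspace((unsigned char)*s))
        return -1;                      /* empty or leading whitespace */
    errno = 0;
    v = strtol(s, &end, base);
    if (end == s || *end != '\0')
        return -1;                      /* no digits, or trailing junk */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;                      /* overflow is reported, not truncated */
    *out = (int)v;
    return 0;
}

/* Same idea for "%x"/"%u": strtoul() silently negates "-1", so reject signs. */
int parse_uint_strict(const char *s, int base, unsigned int *out)
{
    char *end;
    unsigned long v;

    if (s == NULL || !isalnum((unsigned char)*s))
        return -1;                      /* empty, whitespace, '+' or '-' */
    errno = 0;
    v = strtoul(s, &end, base);
    if (end == s || *end != '\0')
        return -1;
    if (errno == ERANGE || v > UINT_MAX)
        return -1;
    *out = (unsigned int)v;
    return 0;
}

int main(void)
{
    int v = 0;
    /* Constructed sample input: a value too large for int. */
    printf("%d\n", parse_int_strict("99999999999", 10, &v));
    return 0;
}
```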