Date: Fri, 24 Mar 1995 00:03:59 -0700 (MST) From: Rich Scott <rxscot2@lookout.ecte.uswc.uswest.com> To: ache@astral.msk.su (Andrey A. Chernov, Black Mage) Cc: current@FreeBSD.org, wollman@lcs.mit.edu, dima@FreeBSD.org Subject: Re: ATTENTION: VERY serious hidden bug in Message-ID: <199503240703.AAA27649@lookout.ecte.uswc.uswest.com> In-Reply-To: <SHE_aSlC3C@astral.msk.su> from "Andrey A. Chernov, Black Mage" at Mar 24, 95 07:51:26 am
next in thread | previous in thread | raw e-mail | index | archive | help
|When program uses strtok() and call gethostbyname/addr after |it, strtok() memory becomes corrupted, because private function |init_services() from gethostnamaddr.c module uses strtok() too! |AND ONLY ONE STRTOK PARSER MAY BE ACTIVE AT ONCE. Now init_services() |strtok() corrupts program strtok() internal variables. |Garrett, please, get rid of strtok() in init_services()! | |Currently this bug strongly affects at least tcp_wrapper. Chris Torek himself often suggests that people use strsep(3), which was introduced into 4.4BSD by him, instead of strtok(3), for just this reason (i.e. when you need to parse multiple strings simultaneously). strsep() also handles zero-length substrings correctly (when two delimiter chars are adjacent). It's not ANSI-standard, but it's a lot nicer than strtok(). =rich -- Rich Scott DMP/MAE USWest Technologies, Denver, CO <rxscot2@lookout.ecte.uswc.uswest.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199503240703.AAA27649>