Message-Id: <201907110206.x6B26PUu013164@slippy.cwsent.com>
From: Cy Schubert
To: Alexey Dokuchaev
cc: Philip Paeps, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r349890 - head/contrib/telnet/telnet
In-Reply-To: Message from Alexey Dokuchaev of "Thu, 11 Jul 2019 01:47:29 -0000." <20190711014729.GB23621@FreeBSD.org>
Date: Wed, 10 Jul 2019 19:06:25 -0700

In message <20190711014729.GB23621@FreeBSD.org>, Alexey Dokuchaev writes:
> On Wed, Jul 10, 2019 at 05:42:04PM +0000, Philip Paeps wrote:
> > New Revision: 349890
> > URL: https://svnweb.freebsd.org/changeset/base/349890
> >
> > Log:
> > telnet: fix a couple of snprintf() buffer overflows
> >
> > Modified: head/contrib/telnet/telnet/commands.c
> > @@ -1655,10 +1655,11 @@ env_init(void)
> > char hbuf[256+1];
> > char *cp2 = strchr((char *)ep->value, ':');
> >
> > - gethostname(hbuf, 256);
> > - hbuf[256] = '\0';
> > - cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
> > - sprintf((char *)cp, "%s%s", hbuf, cp2);
>
> Would it make sense to add something like __attribute__ ((deprecated))
> to those unsafe functions like gets(), sprintf(), etc.? Or it would
> cause too much PITA?

sprintf() is not deprecated (https://en.cppreference.com/w/c/io/fprintf).
gets() is removed in C11 (https://en.cppreference.com/w/c/io/gets),
replaced by gets_s(). We already have gets_s().

We need printf_s(), sprintf_s() and snprintf_s().

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.
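
Review bot: in the removed lines of env_init(), the pointer returned by malloc() goes straight into sprintf() with no NULL check, and the return value of gethostname() is ignored, so the code that replaces them should handle both failures. The context line assigns cp2 from strchr() and the removed malloc() line passes it to strlen(); no NULL check is visible in the quoted lines, so it is worth confirming that the surrounding code guarantees a ':' in ep->value. The allocation (strlen(hbuf) + strlen(cp2) + 1) matches what "%s%s" writes, so the log message could say which calls overflowed. The quote stops before the added lines, so the replacement itself cannot be reviewed from this message.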