From: Don Lewis
Message-Id: <199812172302.PAA08353@salsa.gv.tsc.tdk.com>
Date: Thu, 17 Dec 1998 15:02:50 -0800
In-Reply-To: Eivind Eklund "Re: cvs commit: src/lib/libc/gen getpwent.c" (Dec 17, 5:54pm)
To: Eivind Eklund, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/lib/libc/gen getpwent.c

On Dec 17, 5:54pm, Eivind Eklund wrote:
} Subject: Re: cvs commit: src/lib/libc/gen getpwent.c
} This illustrates a point I have made repeatedly, both on Bugtraq and in
} various *BSD-lists: Truncation is usually wrong. If you are on an
} error path, look for some way to get a correct error return instead of
} truncating. In this case, it was trivial. In some cases it isn't
} (but remember - abort() is a usable error return, too), and truncation
} is the only option - but don't reach for it as your first tool.

This is one of my pet peeves as well. I worry that just globally
substituting snprintf and friends will turn a reliable segmentation
fault into a root exploit because of silent truncation. If you start
seeing core files around, then at least you know that someone might
be knocking on the door ...
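
The truncation concern raised in this thread, as an added C example (not code from the getpwent.c commit or from either poster): a lookup that ignores snprintf's return value matches the wrong account for an overlong name, while the checked form returns an error. KEYLEN, ACCOUNT, the sample names and both function names are assumptions constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define KEYLEN 8                          /* assumed fixed key buffer size */
static const char ACCOUNT[] = "admin12";  /* constructed account name */

/* Truncating form: an overlong name is silently cut to fit the buffer,
 * so the key may equal a different, shorter name. */
static int lookup_truncating(const char *name)
{
    char key[KEYLEN];

    snprintf(key, sizeof(key), "%s", name);   /* return value ignored */
    return strcmp(key, ACCOUNT) == 0;
}

/* Checked form: 1 on match, 0 on no match, -1 if the name does not fit. */
static int lookup_checked(const char *name)
{
    char key[KEYLEN];
    int n = snprintf(key, sizeof(key), "%s", name);

    /* snprintf returns the length it needed; >= size means truncation. */
    if (n < 0 || (size_t)n >= sizeof(key)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return strcmp(key, ACCOUNT) == 0;
}

int main(void)
{
    /* Constructed inputs: exact name, unrelated name, overlong name. */
    const char *names[] = { "admin12", "guest", "admin12345" };

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        int t = lookup_truncating(names[i]);
        int c = lookup_checked(names[i]);
        printf("%-12s truncating=%d checked=%d\n", names[i], t, c);
    }
    return 0;
}
```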