From owner-cvs-src@FreeBSD.ORG  Fri Oct  7 15:04:11 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0F40716A41F;
	Fri,  7 Oct 2005 15:04:11 +0000 (GMT) (envelope-from bde@zeta.org.au)
Received: from mailout1.pacific.net.au (mailout1.pacific.net.au [61.8.0.84])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7497843D45;
	Fri,  7 Oct 2005 15:04:10 +0000 (GMT) (envelope-from bde@zeta.org.au)
Received: from mailproxy1.pacific.net.au (mailproxy1.pacific.net.au
	[61.8.0.86])
	by mailout1.pacific.net.au (8.13.4/8.13.4/Debian-3) with ESMTP id
	j97F49FI001334; Sat, 8 Oct 2005 01:04:09 +1000
Received: from katana.zip.com.au (katana.zip.com.au [61.8.7.246])
	by mailproxy1.pacific.net.au (8.13.4/8.13.4/Debian-3) with ESMTP id
	j97F47bI015773; Sat, 8 Oct 2005 01:04:08 +1000
Date: Sat, 8 Oct 2005 01:04:08 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@delplex.bde.org
To: Nate Lawson <nate@root.org>
In-Reply-To: <4345607F.1080804@root.org>
Message-ID: <20051008005134.Q58005@delplex.bde.org>
References: <20051006111026.BA71016A452@hub.freebsd.org>
	<4345607F.1080804@root.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org,
	Pawel Jakub Dawidek <pjd@FreeBSD.org>, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/libkern strtok.c src/sys/sys libkern.h 
 src/sys/conf files
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2005 15:04:11 -0000

On Thu, 6 Oct 2005, Nate Lawson wrote:

> Pawel Jakub Dawidek wrote:
>> pjd         2005-10-06 11:10:10 UTC
>> 
>>   FreeBSD src repository
>> 
>>   Modified files:
>>     sys/sys              libkern.h     sys/conf             files   Added 
>> files:
>>     sys/libkern          strtok.c   Log:
>>   Add strtok() and strtok_r() function to libkern.
>>     MFC after:      2 weeks
>>     Revision  Changes    Path
>>   1.1055    +1 -0      src/sys/conf/files
>>   1.1       +98 -0     src/sys/libkern/strtok.c (new)
>>   1.51      +2 -0      src/sys/sys/libkern.h
>
> Why is the kernel parsing strings?  Seems like a good way to introduce 
> security flaws.

sscanf() is a similar older mistake in the kernel.  sscanf() is only
slightly more useable than gets(), since its behaviour on overflow is
undefined and input that is not parsed in other ways can easily cause
overflow.  (Its actual behaviour is to blindly truncate results.)  In
the kernel, more than half (by sscanf count) of its abuses are for %d
or %x formats which can easily be handled right using strto[u]l().

Bruce