Date: Sat, 22 Feb 1997 02:03:10 -0800 (PST) From: Alex Belits <abelits@phobos.illtel.denver.co.us> To: Guido van Rooij <guido@gvr.win.tue.nl> Cc: Matt Dillon <dillon@best.net>, gurney_j@resnet.uoregon.edu, top@sonic.cris.net, audit-bin@freebsd.org, FreeBSD-hackers@freebsd.org Subject: Re: hmm Message-ID: <Pine.LNX.3.95.970222015956.28017B-100000@phobos.illtel.denver.co.us> In-Reply-To: <199702211947.UAA09374@gvr.win.tue.nl>
index | next in thread | previous in thread | raw e-mail
On Fri, 21 Feb 1997, Guido van Rooij wrote:
> > :> > > underneath btw:
> > :> > > if (*p != '\0' && p[strlen(p) - 1] == '[') {
> > :> > > ^^^^^^^^^^
> > :Hmm...After rereading this, I think I have it wrong :-(). That's what you get
> > :with quick answers. The check is indeed necessary.
> > :
> > :-Guido
> >
> > The check should probably be in there, but it not being there is not
> > likely to cause a security hole since page 0 is write-protected on FreeBSD
> > machines.
>
> Nono, I didn;t mean the check for p==NULL or not; I meant the check
> for p!="" (or equivalently: *p!='\0')
with p=""
*p != '\0' && p[strlen(p) - 1] == '[' _still_ will read a byte p[-1].
In most of situations not dangerous, but still potentially unaccessible
memory (sorry, I have no idea where is this ugly thing from and how p is
allocated).
--
Alex
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.95.970222015956.28017B-100000>