From owner-freebsd-hackers Sat Feb 22 02:02:43 1997
Date: Sat, 22 Feb 1997 02:03:10 -0800 (PST)
From: Alex Belits
To: Guido van Rooij
cc: Matt Dillon, gurney_j@resnet.uoregon.edu, top@sonic.cris.net, audit-bin@freebsd.org, FreeBSD-hackers@freebsd.org
Subject: Re: hmm
In-Reply-To: <199702211947.UAA09374@gvr.win.tue.nl>

On Fri, 21 Feb 1997, Guido van Rooij wrote:

> > :> > > underneath btw:
> > :> > >     if (*p != '\0' && p[strlen(p) - 1] == '[') {
> > :> > >         ^^^^^^^^^^
> > :Hmm...After rereading this, I think I have it wrong :-(). That's what you get
> > :with quick answers. The check is indeed necessary.
> > :
> > :-Guido
> >
> >     The check should probably be in there, but it not being there is not
> >     likely to cause a security hole since page 0 is write-protected on FreeBSD
> >     machines.
>
> Nono, I didn't mean the check for p==NULL or not; I meant the check
> for p!="" (or equivalently: *p!='\0')

with p=""

    *p != '\0' && p[strlen(p) - 1] == '['

_still_ will read a byte p[-1]. In most situations not dangerous, but
still potentially inaccessible memory (sorry, I have no idea where this
ugly thing is from and how p is allocated).

--
Alex
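Added example, not part of the original message or of the source file under discussion: a small C program that shows which index `p[strlen(p) - 1]` computes for an empty string, how the quoted `&&` expression evaluates, and a bounds-safe helper. The names `last_index_unguarded`, `ends_with` and `thread_check` and the sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Index that p[strlen(p) - 1] would use. strlen() returns size_t, so for
 * an empty string the subtraction wraps to SIZE_MAX, i.e. the byte at p[-1]. */
static size_t last_index_unguarded(const char *p)
{
    return strlen(p) - 1;
}

/* Hypothetical helper: does the string end in c? Covers both cases raised
 * in the thread, p == NULL and p == "". Every read stays inside the string. */
static int ends_with(const char *p, char c)
{
    size_t len;

    if (p == NULL)
        return 0;
    len = strlen(p);
    if (len == 0)
        return 0;           /* no character before the terminator */
    return p[len - 1] == c;
}

/* The expression quoted in the thread. In C, && evaluates its right operand
 * only when the left operand is nonzero, so for "" the index is not computed. */
static int thread_check(const char *p)
{
    return *p != '\0' && p[strlen(p) - 1] == '[';
}

int main(void)
{
    const char *samples[] = { "", "[", "abc[", "abc" };  /* constructed inputs */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\": index=%zu ends_with=%d thread_check=%d\n",
               samples[i], last_index_unguarded(samples[i]),
               ends_with(samples[i], '['), thread_check(samples[i]));
    return 0;
}
```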