From owner-freebsd-audit  Wed Mar  6  6:21:24 2002
Delivered-To: freebsd-audit@freebsd.org
Received: from columbus.cris.net (columbus.cris.net [212.110.128.65])
	by hub.freebsd.org (Postfix) with ESMTP id 153C237B400
	for <audit@FreeBSD.ORG>; Wed,  6 Mar 2002 06:21:16 -0800 (PST)
Received: from ark.cris.net (ns2.cris.net [212.110.128.68])
	by columbus.cris.net (8.9.3/8.9.3) with ESMTP id QAA87903;
	Wed, 6 Mar 2002 16:21:07 +0200 (EET)
Received: (from phantom@localhost)
	by ark.cris.net (8.11.1/8.11.1) id g26EKdl77929;
	Wed, 6 Mar 2002 16:20:39 +0200 (EET)
Date: Wed, 6 Mar 2002 16:20:39 +0200
From: Alexey Zelkin <phantom@FreeBSD.ORG>
To: "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc: audit@FreeBSD.ORG
Subject: Re: safety checking for catgets (NLS catalogs)
Message-ID: <20020306162039.A77231@ark.cris.net>
References: <20020302202437.A1078@gate.sim.ionidea.com> <20020302184656.GA32218@nagual.pp.ru> <20020305125548.A92735@ark.cris.net> <20020305110659.GA77856@nagual.pp.ru> <20020306124449.GB99728@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20020306124449.GB99728@nagual.pp.ru>; from ache@nagual.pp.ru on Wed, Mar 06, 2002 at 03:44:52PM +0300
X-Operating-System: FreeBSD 3.5-STABLE i386
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

hi,

On Wed, Mar 06, 2002 at 03:44:52PM +0300, Andrey A. Chernov wrote:
> On Tue, Mar 05, 2002 at 14:07:01 +0300, Andrey A. Chernov wrote:
> > On Tue, Mar 05, 2002 at 12:55:48 +0200, Alexey Zelkin wrote:
> > 
> > > Actually I think it was not good idea to
> > > add this check each time on catgets() and will move this check to
> > > catalog loading stage.
> > 
> > Ok, I could live with that.
> 
> On second thought, not quite so.
> 
> catgets() not load whole message catalog once but do it part-by-part. It
> means, that if I want small string from one section, whole section will be
> scanned, and if I want another one from another section, it will be
> scanned too, and it repeats. It means that sections list must be
> maintained indicating which sections are already scanned and which are not
> yet.

I see no reason to scan whole set if only one string is loaded. It will
be checked once. If retrived from message catalog string is unsafe it will
be freed from pre-loaded catalog and marked as unsafe and should not be tried
to load again.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message