From owner-cvs-src@FreeBSD.ORG  Fri Oct  7 18:56:04 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 89BAF16A41F;
	Fri,  7 Oct 2005 18:56:04 +0000 (GMT) (envelope-from nate@root.org)
Received: from www.cryptography.com (li-22.members.linode.com [64.5.53.22])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3384043D45;
	Fri,  7 Oct 2005 18:56:04 +0000 (GMT) (envelope-from nate@root.org)
Received: from [10.0.0.33] (adsl-67-119-74-222.dsl.sntc01.pacbell.net
	[67.119.74.222])
	by www.cryptography.com (8.12.8/8.12.8) with ESMTP id j97Iu1SA029650
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Fri, 7 Oct 2005 11:56:02 -0700
Message-ID: <4346C4BA.5080308@root.org>
Date: Fri, 07 Oct 2005 11:55:54 -0700
From: Nate Lawson <nate@root.org>
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Bruce Evans <bde@zeta.org.au>
References: <20051006111026.BA71016A452@hub.freebsd.org>
	<4345607F.1080804@root.org> <20051008005134.Q58005@delplex.bde.org>
In-Reply-To: <20051008005134.Q58005@delplex.bde.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org,
	Pawel Jakub Dawidek <pjd@FreeBSD.org>, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/libkern strtok.c src/sys/sys libkern.h  
 src/sys/conf files
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2005 18:56:04 -0000

Bruce Evans wrote:
> On Thu, 6 Oct 2005, Nate Lawson wrote:
> 
>> Pawel Jakub Dawidek wrote:
>>
>>> pjd         2005-10-06 11:10:10 UTC
>>>
>>>   FreeBSD src repository
>>>
>>>   Modified files:
>>>     sys/sys              libkern.h     sys/conf             files   
>>> Added files:
>>>     sys/libkern          strtok.c   Log:
>>>   Add strtok() and strtok_r() function to libkern.
>>>     MFC after:      2 weeks
>>>     Revision  Changes    Path
>>>   1.1055    +1 -0      src/sys/conf/files
>>>   1.1       +98 -0     src/sys/libkern/strtok.c (new)
>>>   1.51      +2 -0      src/sys/sys/libkern.h
>>
>>
>> Why is the kernel parsing strings?  Seems like a good way to introduce 
>> security flaws.
> 
> 
> sscanf() is a similar older mistake in the kernel.  sscanf() is only
> slightly more useable than gets(), since its behaviour on overflow is
> undefined and input that is not parsed in other ways can easily cause
> overflow.  (Its actual behaviour is to blindly truncate results.)  In
> the kernel, more than half (by sscanf count) of its abuses are for %d
> or %x formats which can easily be handled right using strto[u]l().

I don't have time at the moment (working on new battery support) but I'd 
appreciate it if you removed sscanf.

-- 
Nate