On Wed, 24 Nov 1999, Peter Jeremy wrote:
> A 'grep | wc' equivalent over the source tree gives:
>
> gets 110
> strcat 2860
> strcpy 4717
> strncat 167
> strncpy 1514
> sprintf 6839
> vsprintf 133
>
...
> A string search for (roughly) "scanf.*%s" also picks up 74 cases of
> un-bounded string scans.
>
> And these are the easy ones...
I'd like to note something. Strcat isn't necessarily unsafe, and strncat()
isn't necessarily safe. It is not possible to just tell people "look
for this and replace it with this."

For example, with fscanf():

    char buf[80], something[80];
#if 1
    /* scanf() has no "%.*s"; the bound is a literal field width,
     * here sizeof(something) - 1. */
    if (fscanf(file, "%d:foo:%79s", &smurf, something))
        /* This is safe, of course. */
#else
    if (fscanf(file, "%d:foo:%s", &smurf, something))
        /* I'm using %s here, but it's safe. Compare
         * the buffer sizes. */
#endif

For a better example, in the real world (from src/sys/netinet/ip_fw.c):

    #define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0

    char action2[32], proto[47], name[18], fragment[17];

    /* Print command name */
    snprintf(SNPARGS(name, 0), "ipfw: %d", f ? f->fw_number : -1);

Despite the fact that the buffer name[] was made to be exactly the
largest size, where sprintf() _would_be_safe_, some people insist
on using snprintf() "for stability". Don't get caught doing this.
If you find a strcat() (for example), see if it's safe. If it is,
then why replace it?
>
> Peter
>
>
--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! /
[EMAIL PROTECTED] `------------------------------'
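
The worst-case arithmetic behind the name[18] remark above, and the clamping that SNPARGS performs once a buffer is full, as an added example that is not part of the original message or of ip_fw.c. The helper names, the 16-byte line[] buffer and the sample values are constructed for illustration, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Macro quoted in the message: expands to the first two snprintf()
 * arguments and clamps the remaining size to 0 once len reaches the
 * end of buf. buf must be a real array, not a pointer. */
#define SNPARGS(buf, len) buf + len, sizeof(buf) > len ? sizeof(buf) - len : 0

/* Bytes needed, including the NUL, to format "ipfw: %d" for one value. */
static size_t ipfw_name_need(int number)
{
    return (size_t)snprintf(NULL, 0, "ipfw: %d", number) + 1;
}

/* Largest requirement over the extreme values an int can take. */
static size_t ipfw_name_worst_case(void)
{
    size_t a = ipfw_name_need(INT_MIN), b = ipfw_name_need(INT_MAX);
    return a > b ? a : b;
}

/* Chained appends into a deliberately small buffer (constructed input).
 * Returns the length snprintf() wanted; out receives what actually fit. */
static size_t chained_append(char *out, size_t outsz)
{
    char line[16];
    size_t len = 0;

    len += (size_t)snprintf(SNPARGS(line, len), "ipfw: %d", 65535);
    len += (size_t)snprintf(SNPARGS(line, len), " %s", "Deny"); /* truncated */
    len += (size_t)snprintf(SNPARGS(line, len), " %s", "TCP");  /* size 0 */
    snprintf(out, outsz, "%s", line);
    return len;
}

int main(void)
{
    char got[16];
    size_t wanted = chained_append(got, sizeof(got));

    printf("worst case for \"ipfw: %%d\": %zu bytes\n", ipfw_name_worst_case());
    printf("wanted %zu bytes, kept \"%s\"\n", wanted, got);
    return 0;
}
```

A wanted length greater than or equal to the buffer size is the only sign that truncation happened; the macro itself reports nothing.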