On Mon, 14 Nov 2005 00:58:43 -0800 (PST), patrick ~ wrote:

>
>--- "Rod.. Whitworth" <[EMAIL PROTECTED]> wrote:
>
>> On Sun, 13 Nov 2005 17:22:42 -0800 (PST), patrick ~ wrote:
>
>> >   /* Made up example of course */
>> >-  if (!strcmp(buf,"n/a"))
>> >+  if (!strncmp(buf,"n/a",3))
>> >
>> >
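Review bot: on the `+` line, the length argument 3 stops the comparison before the terminating NUL of "n/a", so the test changes from an exact match to a prefix match: a buf holding "n/a1" now satisfies the condition that the removed strcmp line rejected. If a bounded call is wanted here, pass 4 (sizeof("n/a")) so the NUL is compared as well, and add a comment saying why the bound is needed, since strcmp against a string literal already stops at the literal's terminating NUL.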
>> >Is there a real value in doing this?
>> >I don't see it.
>> >
>> >Can someone shed some light on this
>> >for me please.
>>
>> Are you just trolling?
>> If not, how come you have not been "looking" in the archives?
>> Mrs Google can help you too:
>> http://justfuckinggoogleit.com/search?q=strncmp+openbsd+why
>
>
>My question was meant to be a very
>general one about why we patch 3rd
>party software just to replace a
>standard C function with another one
>which gives exactly the same result
>most of the time, and in some instances
>could give *undesired* results, i.e.,
>may adversely change the behavior of
>the program.
>
>Your suggested google query resulted in
>nothing useful, other than a page with
>an awk script counting string function
>usage in openbsd source code.
>
>I wonder if you even bothered to try
>the link yourself before suggesting it?
>


Welllllllll..... had you looked at the second hit (really near the top,
so boredom should not have set in yet) searching for why it <was> a hit
you would have seen several instances of str*** func calls being
replaced by strn*** func when the str ones were unsafe. Seeing that it
was all about a CERT vulnerability report one would have assumed that a
student of the topic would have gotten some insight into why these
changes were made.

The head tells you that buffer overflows were an issue as they often
are when str funcs are used unsafely.

I'm sure that a good STFA would have found some insights from Theo and
others and you really should have done your homework there before
asking about such a frequent topic. Mailing list netiquette.


>
>Someone else, who emailed me in private,
>was a bit upset that my message lacked
>any specifics in regard to which port
>I was referring to.
>
>I was trying to keep the question very
>general and not specific to any particular
>port.  But if you must know I am looking
>at graphics/p5-Image-EXIF on a 3.7-stable
>system (my 3.8 CDs are still on my book
>shelf waiting for me to get around to
>upgrading a few machines).
>
>
>g'nite,
>--patrick

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
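The behaviour difference argued over in this thread, as an added C example that is not part of the original messages or of any port: it compares the `strcmp` form, the 3-byte `strncmp` form and a bound that includes the NUL, and adds an exact match for a field with no terminator. The helper `field_equals` and all sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The comparisons under discussion; each returns 1 on a match. */
static int match_strcmp(const char *buf)  { return strcmp(buf, "n/a") == 0; }
static int match_prefix3(const char *buf) { return strncmp(buf, "n/a", 3) == 0; }

/* sizeof("n/a") is 4, so the terminating NUL takes part in the comparison. */
static int match_bounded(const char *buf)
{
    return strncmp(buf, "n/a", sizeof("n/a")) == 0;
}

/*
 * Hypothetical helper: exact match for a fixed-width field that may have no
 * terminating NUL. It never reads past field[field_len - 1].
 */
static int field_equals(const char *field, size_t field_len, const char *lit)
{
    size_t lit_len = strlen(lit);

    if (lit_len > field_len || memcmp(field, lit, lit_len) != 0)
        return 0;
    /* The field must end here, either by length or by a NUL byte. */
    return lit_len == field_len || field[lit_len] == '\0';
}

int main(void)
{
    /* Constructed inputs. */
    const char *samples[] = { "n/a", "n/a1", "n/", "" };
    const char raw[3] = { 'n', '/', 'a' };   /* no NUL terminator */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-6s strcmp=%d strncmp3=%d strncmp4=%d\n", samples[i],
               match_strcmp(samples[i]), match_prefix3(samples[i]),
               match_bounded(samples[i]));
    printf("raw[3] field_equals=%d\n", field_equals(raw, sizeof(raw), "n/a"));
    return 0;
}
```

The bounded `strncmp` variants still assume the input is NUL-terminated or at least as long as the bound; only `field_equals` is safe on the 3-byte unterminated array.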





