Source-Changes archive
Re: CVS commit: src/libexec/comsat
On Sun, Sep 21, 2003 at 12:56:51 +0200, Jarle Greipsland wrote:
> > Wouldn't it be sufficient to just add a comment saying that this behavior
> > is ok because we exit if there's a failure?
>
> What if an application had registered one or more functions with
> atexit(3)? Granted, the comsat application does not, and it is
> fairly small and can be understood fairly easily. However, for
> bigger applications, this might not be the case, and some
> programmer might decide to introduce the clearing of memory on
> exit using an atexit-function, without performing an audit of the
> code pattern for all instances of realloc() in the application.
Let me once again note that, *unlike* the ssh buffer.c bug, in this
case if realloc fails the buf variable will be NULL. You cannot do a
lot of clean up on the NULL pointer.
Also, if the data in the buffer is so sensitive in the first place,
then if a successful realloc has to free the old copy, the old copy
is no longer accessible for the program to clean up. So it's not
enough to zero-out all your buffers accessible via live pointers,
right?
SY, Uwe
--
uwe%ptc.spbu.ru@localhost | Zu Grunde kommen
http://www.ptc.spbu.ru/~uwe/ | Ist zu Grunde gehen
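An added illustration of the two points Uwe raises, written for this page and not taken from comsat or the thread: with `buf = realloc(buf, n)` a failed call orphans the old block, and a successful call frees the old copy without wiping it, so no later cleanup can reach either. The hardened variant allocates first, copies, scrubs and then frees; it assumes the caller tracks the buffer's current length, and its volatile-loop `scrub()` stands in for explicit_bzero(3), which C99 does not provide.

```c
#include <stdlib.h>
#include <string.h>

/* The pattern under discussion: buf = realloc(buf, n). On failure realloc
 * returns NULL and the only pointer to the old block is overwritten, so
 * neither the caller nor an atexit(3) handler can reach it to zero it. */
char *grow_unsafe(char *buf, size_t newlen)
{
    buf = realloc(buf, newlen);     /* on failure the old block is orphaned */
    return buf;
}

/* Overwrite n bytes through a volatile pointer so the stores are not
 * optimised away. Stand-in for explicit_bzero(3), which C99 lacks. */
void scrub(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hardened form: allocate the new block first, copy, wipe and free the old
 * one. On failure the caller still owns a valid buf and can scrub it; on
 * success no copy of the data is left behind in a freed chunk. The caller
 * must pass the current length (oldlen), an assumption this example adds. */
char *grow_safe(char *buf, size_t oldlen, size_t newlen)
{
    char *nbuf = malloc(newlen);
    if (nbuf == NULL)
        return NULL;                /* buf untouched, still owned by caller */
    if (buf != NULL) {
        memcpy(nbuf, buf, oldlen < newlen ? oldlen : newlen);
        scrub(buf, oldlen);         /* wipe before free, never after */
        free(buf);
    }
    return nbuf;
}

/* Returns 1 when scrub() really zeroes and grow_safe() keeps the content. */
int demo(void)
{
    char secret[8] = "s3cret";      /* constructed sample, 7 bytes incl. NUL */
    scrub(secret, sizeof secret);
    for (size_t i = 0; i < sizeof secret; i++)
        if (secret[i] != 0) return 0;
    char *buf = malloc(sizeof secret);
    if (buf == NULL) return 0;
    strcpy(buf, "s3cret");
    char *nbuf = grow_safe(buf, sizeof secret, 64);
    int ok = nbuf != NULL && strcmp(nbuf, "s3cret") == 0;
    free(nbuf);
    return ok;
}
```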