Subject: Re: ARGSUSED and friends
To: Dan Winship <danw@MIT.EDU>
From: David Brownlee <abs@netbsd.org>
List: tech-kern
Date: 01/14/2000 17:59:40
Sounds like an interesting project for someone who wants to
work on lint - even if noone wants to now, someone should
put in a PR so that anyone looking for a project can find it.
David/absolute
On Fri, 14 Jan 2000, Dan Winship wrote:
> > A missed error return check which caused some severe problems.
>
> Urk... yeah, actually there was a really nasty bug in the first
> release of Kerberos telnet... the data being passed to one of the DES
> library routines was (usually) invalid, and telnet wasn't checking the
> return value. So the key schedule was left uninitialized and the code
> ended up "encrypting" the data with a key of all zeros 99% of the
> time...
>
> It would be nice though if lint knew that Bad Things can't happen if
> you "forget" to check the return value of a printf or strcat, etc.
>
> -- Dan
>