Subject: Re: buffer overflows in libsa
To: Roland Illig <rillig@NetBSD.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 08/22/2005 15:10:44
--d8Lz2Tf5e5STOWUP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Aug 22, 2005 at 07:44:45PM +0200, Roland Illig wrote:
> Hi all,
>=20
> the stand-alone library still contains two function with buffer=20
> overflows, namely gets() and getpass(). To fix that, I have written the=
=20
> appended patch. The new feature it requests is that the=20
> (architecture-dependent) putchar() function can handle '\a' and either=20
> beeps or ignores it completely.
I don't think that changing gets() is the right thing to do. gets() is=20
documented to be a dangerous call, so "fixing" it to not be dangerous=20
seems backwards. Also, while libsa is a different environment from=20
userland's libc, I think we should try to keep calls with the same name in=
=20
sync.
I think a much cleaner approach is to get rid of gets() and change ALL=20
callers (note, that means checking the boot loaders for all of our=20
platforms!) to use fgets().
I wouldn't object to you coming up with a getsn() or some such that took a=
=20
buffer length and assumed standard in. Or getsl().
getpass() should already be ok. It specifically only accepts _PASSWORD_LEN=
=20
characters (which is 128 in libc/userland).
Take care,
Bill
--d8Lz2Tf5e5STOWUP
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
iD8DBQFDCk1jWz+3JHUci9cRAn9VAJ4omj7h3BhIlgX1ZB1f/ALqlsldlwCeKRM4
tWC8oWwmeue5e1QiJR1mvPg=
=mXhk
-----END PGP SIGNATURE-----
--d8Lz2Tf5e5STOWUP--