qemu-devel

Re: [Qemu-devel] [PATCH] security_20040618


From: Tim
Subject: Re: [Qemu-devel] [PATCH] security_20040618
Date: Sat, 19 Jun 2004 08:05:15 -0700
User-agent: Mutt/1.5.6+20040523i

> > --- qemu-current/monitor.c  2004-06-16 20:49:59.000000000 -0700
> > +++ qemu-dev/monitor.c      2004-06-17 22:12:49.000000000 -0700
> >                  str = qemu_malloc(strlen(buf) + 1);
> > -                strcpy(str, buf);
> > +                pstrcpy(str, strlen(buf) + 1,  buf);
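
Review bot: in the replaced line the size passed to pstrcpy() is `strlen(buf) + 1`, the same expression used for the qemu_malloc() call just above it, so the bound is derived from the source string and can never be smaller than what strcpy() would have copied; the length check adds nothing here. If the aim is hardening, the visible lines leave two things unchecked: the result of qemu_malloc() goes straight into the copy as `str`, and strlen(buf) is evaluated twice on a buffer whose termination is simply assumed. Consider taking the length once, checking `str` before the copy if qemu_malloc() can fail, and bounding the scan by the size of `buf` rather than by its contents.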
> 
> In my opinion, it is already an absolutely unnecessary correction.
> There is no problem in this place.

Yeah, you are probably right.  I looked at that one on 3 separate
occasions before making the change, since I recognized that there are
very few conditions where it could possibly be a problem, and come to
think of it, this fix doesn't mitigate those conditions.

That chunk of code makes me uncomfortable for other reasons though (does
qemu_malloc() return NULL ever?  could buf possibly be missing a
trailing '\0' ever?) so I'll re-visit it again and see what makes the
most sense.  The pstrcpy isn't hurting anything though.  Slightly slower
copy, due to the length checking, but it isn't in a critical piece of
code (monitor.c is just for the user interface command prompt, right?),
so I also don't see a reason to remove it, esp if changes in the future
open up the possibility of an overflow.

thanks for the comment,
tim
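
The two open questions in the message above (a NULL return from the allocator, and a `buf` with no trailing '\0') are both handled when the copy is bounded by the capacity of the source buffer instead of by `strlen(buf)`. The following is an added example, not part of the original message and not QEMU code; `dup_bounded` and its `cap` parameter are hypothetical, and plain `malloc()` stands in for `qemu_malloc()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not QEMU code): duplicate the string held in a
 * fixed-size buffer of `cap` bytes.
 * Returns a heap copy, or NULL if buf has no '\0' within cap bytes or
 * if the allocation fails. The caller frees the result.
 */
char *dup_bounded(const char *buf, size_t cap)
{
    const char *end;
    size_t len;
    char *str;

    if (buf == NULL || cap == 0)
        return NULL;
    /* Bound the scan by the buffer's capacity, not by strlen(buf):
       strlen() would read past the end of an unterminated buffer. */
    end = memchr(buf, '\0', cap);
    if (end == NULL)
        return NULL;            /* missing terminator: reject */
    len = (size_t)(end - buf);

    str = malloc(len + 1);      /* stand-in for qemu_malloc() */
    if (str == NULL)
        return NULL;            /* allocation failure */
    memcpy(str, buf, len + 1);  /* length measured once, includes '\0' */
    return str;
}

int main(void)
{
    /* Constructed sample inputs. */
    char ok[16] = "info version";
    char bad[4] = { 'a', 'b', 'c', 'd' };   /* no terminator */
    char *s = dup_bounded(ok, sizeof(ok));
    printf("%s\n", s ? s : "(rejected)");
    free(s);
    s = dup_bounded(bad, sizeof(bad));
    printf("%s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```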



