[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] OpenBSD added to the buildbot cluster
From: |
Paul Vixie |
Subject: |
Re: [Nmh-workers] OpenBSD added to the buildbot cluster |
Date: |
Sun, 15 Dec 2013 21:34:04 -0800 |
User-agent: |
Postbox 3.0.8 (Windows/20130427) |
my gripe with strlcat, strlcpy, and similar is silent truncation. the
openbsd team once sent me a huge block of diffs for bind8, altering
every strcpy to strlcpy, and so on. i rejected it, since silent
truncation is no less wrong than overflowing an array would be, and no
less likely to result in a security vulnerability. i did my own audit,
modifying some occurrences of strcat by prepending them with:
assert(strlen(x) + strlen(y) < sizeof z);
because if the code is wrong i want it dead, not continuing lobotomized.
my changes were not well taken by the openbsd team.
vixie
- [Nmh-workers] OpenBSD added to the buildbot cluster, Lyndon Nerenberg, 2013/12/12
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, David Levine, 2013/12/12
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Anthony J. Bentley, 2013/12/13
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Pascal Stumpf, 2013/12/13
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Robert Elz, 2013/12/15
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Ken Hornstein, 2013/12/16
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Ken Hornstein, 2013/12/16
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Robert Elz, 2013/12/16
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Ralph Corderoy, 2013/12/16
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Ken Hornstein, 2013/12/16
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Ralph Corderoy, 2013/12/18
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Ken Hornstein, 2013/12/18
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Ingo Schwarze, 2013/12/16
- Re: [Nmh-workers] OpenBSD added to the buildbot cluster, Robert Elz, 2013/12/16