* [devel] iptables
@ 2003-08-15 8:35 Alexey Tourbin
2003-08-15 8:46 ` [devel] iptables Alexey Tourbin
0 siblings, 1 reply; 3+ messages in thread
From: Alexey Tourbin @ 2003-08-15 8:35 UTC (permalink / raw)
To: devel; +Cc: nidd
[-- Attachment #1: Type: text/plain, Size: 141 bytes --]
$ pwd | sed s,$HOME,~,
~/RPM/BUILD/iptables-1.2.8
$ find -type f -name '*.c' | xargs grep -E "strcat|sprintf|strcpy" | wc -l
82
$
Ой.
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* [devel] Re: iptables
2003-08-15 8:35 [devel] iptables Alexey Tourbin
@ 2003-08-15 8:46 ` Alexey Tourbin
2003-08-15 10:11 ` Dmitry V. Levin
0 siblings, 1 reply; 3+ messages in thread
From: Alexey Tourbin @ 2003-08-15 8:46 UTC (permalink / raw)
To: devel; +Cc: nidd
[-- Attachment #1: Type: text/plain, Size: 595 bytes --]
On Fri, Aug 15, 2003 at 12:35:13PM +0400, Alexey Tourbin wrote:
> Ой.
И в некоторых местах strdup не проверяется.
Первый же пример grep -C3 strdup **/*.c
extensions/libip6t_ah.c- char *buffer;
extensions/libip6t_ah.c- char *cp;
extensions/libip6t_ah.c-
extensions/libip6t_ah.c: buffer = strdup(spistring);
extensions/libip6t_ah.c- if ((cp = strchr(buffer, ':')) == NULL)
extensions/libip6t_ah.c- spis[0] = spis[1] = parse_ah_spi(buffer,"spi");
extensions/libip6t_ah.c- else {
Специально напрашиваемся на взятие значения по нулевому адресу...
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [devel] Re: iptables
2003-08-15 8:46 ` [devel] iptables Alexey Tourbin
@ 2003-08-15 10:11 ` Dmitry V. Levin
0 siblings, 0 replies; 3+ messages in thread
From: Dmitry V. Levin @ 2003-08-15 10:11 UTC (permalink / raw)
To: ALT Devel discussion list
[-- Attachment #1: Type: text/plain, Size: 910 bytes --]
On Fri, Aug 15, 2003 at 12:46:01PM +0400, Alexey Tourbin wrote:
> On Fri, Aug 15, 2003 at 12:35:13PM +0400, Alexey Tourbin wrote:
> > Ой.
>
> И в некоторых местах strdup не проверяется.
> Первый же пример grep -C3 strdup **/*.c
>
> extensions/libip6t_ah.c- char *buffer;
> extensions/libip6t_ah.c- char *cp;
> extensions/libip6t_ah.c-
> extensions/libip6t_ah.c: buffer = strdup(spistring);
> extensions/libip6t_ah.c- if ((cp = strchr(buffer, ':')) == NULL)
> extensions/libip6t_ah.c- spis[0] = spis[1] = parse_ah_spi(buffer,"spi");
> extensions/libip6t_ah.c- else {
>
> Специально напрашиваемся на взятие значения по нулевому адресу...
Это в очередной раз доказывает тот факт, что административные утилиты
(типа iptables) написаны так плохо и доверяют клиенту в такой мере, что их
нельзя использовать с входными данными, не проверенными на 100%.
--
ldv
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-08-15 10:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-15 8:35 [devel] iptables Alexey Tourbin
2003-08-15 8:46 ` [devel] iptables Alexey Tourbin
2003-08-15 10:11 ` Dmitry V. Levin
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git