From: "Dmitry V. Levin"
To: ALT Linux Team development discussions
Date: Fri, 30 Nov 2007 01:27:51 +0300
Subject: Re: [devel] IA: destination buffer overflow - ppp
Message-ID: <20071129222751.GA30354@basalt.office.altlinux.org>

On Thu, Nov 29, 2007 at 06:06:01PM +0600, Slava Semushin wrote:
> 29.11.07, Denis Smirnov wrote:
> [...]
> > KAS> glibc has no strlcpy and strlcat. In our glibc the patch
> > KAS> glibc-2.5-obsd-alt-strlcpy-strlcat.patch is applied.
> > KAS> Given that the glibc maintainer works at redhat, it is hard to expect
> > KAS> this patch in their glibc ;)
>
> Where he works is, IMHO, completely irrelevant here.
>
> > I am terribly curious what prevents the glibc maintainer from including this patch.
>
> It's simple: he is against it.
>
> Quote from http://en.wikipedia.org/wiki/Strlcpy:
>
> "Furthermore, some, including Ulrich Drepper, argue that strlcpy and
> strlcat make truncation errors easier for a programmer to ignore and
> thus can introduce more bugs than they remove;[2] consequently, these
> functions have not been added to the GNU C Library."

The funny thing is that this position did not stop him from producing, in
glibc itself, a fair amount of code that uses asprintf incorrectly:

2001-12-06  Ulrich Drepper

	* libio/vasprintf.c (_IO_vasprintf): Free buffer on failure.
	* assert/assert.c: Check result of __asprintf call and don't
	use string if it failed.
	* assert/assert-perr.c: Likewise.
	* inet/rcmd.c: Likewise.
	* locale/programs/localedef.c (main): Check result of
	construct_output_path and exit if it failed.
	(construct_output_path): Check result of asprintf and mkdir calls and
	fail if they failed.
	* posix/getopt.c: Check result of __asprintf calls and fail if
	they failed.
	Patch by Dmitry V. Levin.

2004-06-14  Andreas Schwab

	* stdio-common/psignal.c (psignal): Don't use BUF when asprintf
	failed.

2004-05-07  Dmitry V. Levin

	* argp/argp-help.c (__argp_error, __argp_failure): Check result
	of __asprintf call and don't use string if it failed.
	* stdio-common/psignal.c (psignal): Likewise.
	* locale/programs/localedef.c (more_help): Likewise.
	* resolv/res_hconf.c (arg_service_list, arg_trimdomain_list,
	arg_bool, parse_line): Check result of __asprintf calls and
	don't use string if they failed.
	* sunrpc/svc_simple.c (registerrpc, universal): Likewise.
	* elf/ldconfig.c (parse_conf_include): Check result of
	__asprintf call and exit if it failed.

-- 
ldv
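
The pattern the ChangeLog entries above describe (check the asprintf result, do not use the string on failure), together with a bounded copy that reports the truncation the quoted strlcpy objection is about, as an added example that is not part of the original message or of glibc. The names checked_asprintf, report_failure and copy_checked are hypothetical.

```c
#define _GNU_SOURCE               /* asprintf/vasprintf are GNU/BSD extensions */
#define __STDC_WANT_LIB_EXT2__ 1  /* also exposes them via ISO/IEC TR 24731-2 */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper: on failure *out is forced to NULL, because the Linux
   man page leaves the pointer undefined when asprintf returns -1. */
int checked_asprintf(char **out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vasprintf(out, fmt, ap);
    va_end(ap);
    if (n < 0)
        *out = NULL;
    return n;
}

/* Hypothetical caller in the style of the assert.c fix: the formatted string
   is used only if the call succeeded, otherwise a constant message is written. */
int report_failure(FILE *to, const char *file, int line, const char *expr)
{
    char *msg;
    if (checked_asprintf(&msg, "%s:%d: assertion `%s' failed\n",
                         file, line, expr) < 0) {
        fputs("assertion failed (out of memory)\n", to);
        return -1;
    }
    fputs(msg, to);
    free(msg);
    return 0;
}

/* Bounded copy that reports truncation instead of hiding it: returns 0 when
   src fit, -1 when it was cut (dst is still NUL-terminated if size > 0). */
int copy_checked(char *dst, size_t size, const char *src)
{
    if (size == 0)
        return -1;
    int n = snprintf(dst, size, "%s", src);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}
```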