
Re: [Nmh-workers] OpenBSD added to the buildbot cluster

2013-12-16 00:47:46
    Date:        Mon, 16 Dec 2013 06:24:02 +0100
    From:        Ingo Schwarze <schwarze(_at_)usta(_dot_)de>
    Message-ID:  <20131216052401(_dot_)GF30435(_at_)iris(_dot_)usta(_dot_)de>

  | Of course there are correct uses of strcat()

We were actually talking about strcpy() not strcat() - people make more
mistakes with strcat() than strcpy(), but even that is not a broken API.

  | Well, the warning is not so much about "could" or "might" (in theory),
  | but about *practical* experience of code auditors.  It reads:
  | 
  |   warning: strcat() is almost always misused, please use strlcat()

"Almost always"???  Especially when the function is strcpy, not strcat?
Really - that suggests that it is almost never used correctly - and that's
nonsense.

I have no problem with a tool that checks for things like this and produces
warnings, and allows developers to check their code for correctness.  To
be really useful, it should avoid warning about the obviously correct
uses, like ...

        d = malloc(strlen(s) + 1);
        if (d != 0)
                strcpy(d, s);
        return d;

And yes, I know this is strdup() - but I would not be surprised if many
of the uses of strcpy() in nmh are just like that.  nmh (and MH that
preceded it) is old - much older than strdup().

Or, for strcat ...

        d = malloc(strlen(s1) + strlen(s2) + 2);   /* s1, "/", s2, NUL */
        if (d != 0) {
                strcpy(d, s1);
                strcat(d, "/");
                strcat(d, s2);
        }
        return d;


But this kind of thing really should not be in the linker, by then it
is much too late to give meaningful diagnostics, and expecting coders
to change perfectly safe code (like that above) just because someone
has observed misuse, more than once perhaps, but certainly not every
time, is just absurd.

  | In this case, overflow prevention is not even attempted, which is
  | typical (rather than the exception) for strcat use in the wild.

I agree, strcat() is more often misused.   But go back to the original
message - the complaint was about strcpy().    Feel free to let us know
which uses of strcpy() in nmh are errors ...

kre

ps: often "easier to audit" means "presumed better" which means "investigated
less stringently" which leads to "unsafe".   There's no shortcut to actually
doing the work.



_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
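The two idioms kre describes (exact-size strdup() and a two-part join) written out as complete, compilable functions. This is an added example for the thread, not code from the post or from nmh; the function names copy_exact, join_path, check_copy and check_join are invented here. The one thing it adds to the snippets in the message is the check that the size arithmetic in join_path cannot wrap on pathologically long inputs, which is the condition an auditor should look for next to a strcpy()/strcat() pair before deciding the call is safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exact-size copy (the strdup() idiom from the message): the allocation is
 * derived from the same strlen() that bounds the copy, so strcpy() cannot
 * overflow.  strlen() is always < SIZE_MAX, so "+ 1" cannot wrap. */
char *copy_exact(const char *s)
{
        size_t n = strlen(s) + 1;
        char *d = malloc(n);
        if (d != NULL)
                strcpy(d, s);          /* writes exactly n bytes */
        return d;
}

/* Join s1 "/" s2 into fresh storage, same shape as the strcat() example in
 * the message.  The extra guard refuses inputs whose combined length would
 * wrap size_t; without it the malloc() would be too small and the strcat()
 * calls would overflow even though the code "looks" correct. */
char *join_path(const char *s1, const char *s2)
{
        size_t n1 = strlen(s1), n2 = strlen(s2);
        if (n1 > SIZE_MAX - 2 || n2 > SIZE_MAX - 2 - n1)
                return NULL;           /* size computation would wrap */
        size_t n = n1 + n2 + 2;        /* s1, '/', s2, terminating NUL */
        char *d = malloc(n);
        if (d != NULL) {
                strcpy(d, s1);         /* n1 + 1 bytes used */
                strcat(d, "/");        /* n1 + 2 bytes used */
                strcat(d, s2);         /* n1 + n2 + 2 bytes used: exactly n */
        }
        return d;
}

/* Helpers that exercise the functions above and return 1 on success, so the
 * result can be checked without inspecting printed output. */
int check_copy(const char *s)
{
        char *d = copy_exact(s);
        int ok = d != NULL && strcmp(d, s) == 0 && strlen(d) == strlen(s);
        free(d);
        return ok;
}

int check_join(const char *s1, const char *s2, const char *expect)
{
        char *d = join_path(s1, s2);
        int ok = d != NULL && strcmp(d, expect) == 0
                 && strlen(d) == strlen(s1) + strlen(s2) + 1;
        free(d);
        return ok;
}

int main(void)
{
        /* constructed sample inputs */
        printf("copy_exact: %s\n", check_copy("hello") ? "ok" : "FAIL");
        printf("join_path:  %s\n", check_join("usr", "bin", "usr/bin") ? "ok" : "FAIL");
        printf("empty join: %s\n", check_join("", "", "/") ? "ok" : "FAIL");
        return 0;
}
```

The point of check_join's length assertion is the one kre makes: the allocation and the writes are tied to the same strlen() values, so a reader can verify the bound by inspection rather than trusting a tool's "almost always misused" heuristic.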
