Re: strcat()->strncat() safety changes (ITS#518)



On Thu, Apr 27, 2000 at 04:38:06PM -0500, Randy Kunkee wrote:
> I looked at some of this patch file.  It is notable at the top that
> you have a RedHat copyright -- I don't know if it would make it incompatible
> for contribution back to the OpenLDAP codebase, but it seems for minor changes
> like those that such a copyright is unfounded.

I agree completely.  I was told by Ben via email that some sort of permission
statement would need to be added, so I attached the usual text we use when
it needs to be there.  The only examples I could find on the web site were
all prefaced with a note that the developer team aren't lawyers.  If there's
a specific license (or none) you'd prefer, I'd be happy to change it.  (The
version of the patch in the latest source package in Raw Hide has no such
statement, actually;  we usually don't bother with them for patches.)
 
> Also, a number of those changes are unnecessary, and just add extra code.
> For example, when you start with a 255 char buffer, and you are squeezing
> extra spaces out, by definition you are not going to overrun that buffer.

This patch was almost an afterthought, and parts of it are almost certain
to be redundant, as I wasn't too choosy in which parts of the code to make
changes in.  If there is logic to prevent overflows in some other way, I
didn't trace through it.  If data passed in that gets passed to strcat()
or strcpy() is length checked before being passed in, I missed that, too.

By all means please use the useful parts (if there are any), and chuck the
rest.  You won't be hurting my feelings.

Thanks,

Nalin