Re: strcat()->strncat() safety changes (ITS#518)
On Thu, Apr 27, 2000 at 04:38:06PM -0500, Randy Kunkee wrote:
> I looked at some of this patch file. It is notable at the top that
> you have a RedHat copyright -- I don't know if it would make it incompatible
> for contribution back to the OpenLDAP codebase, but it seems for minor changes
> like those that such a copyright is unfounded.
I agree completely. I was told by Ben via email that some sort of permission
statement would need to be added, so I attached the usual text we use when
it needs to be there. The only examples I could find on the web site were
all prefaced with a note that the developer team aren't lawyers. If there's
a specific license (or none) you'd prefer, I'd be happy to change it. (The
version of the patch in the latest source package in Raw Hide has no such
statement, actually; we usually don't bother with them for patches.)
> Also, a number of those changes are unnecessary, and just add extra code.
> For example, when you start with a 255 char buffer, and you are squeezing
> extra spaces out, by definition you are not going to overrun that buffer.
This patch was almost an afterthought, and parts of it are almost certain
to be redundant, as I wasn't too choosy in which parts of the code to make
changes in. If there is logic to prevent overflows in some other way, I
didn't trace through it. If data passed in that gets passed to strcat()
or strcpy() is length checked before being passed in, I missed that, too.
By all means please use the useful parts (if there are any), and chuck the
rest. You won't be hurting my feelings.