Mailing-List: contact cygwin-developers-help AT sourceware DOT cygnus DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT sources DOT redhat DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT sources DOT redhat DOT com>
List-Help: <mailto:cygwin-developers-help AT sources DOT redhat DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT sources DOT redhat DOT com
Delivered-To: mailing list cygwin-developers AT sources DOT redhat DOT com
Date: Sat, 24 Nov 2001 22:38:24 +0100
From: Corinna Vinschen <vinschen AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: Added some defensive code to net/socket functions
Message-ID: <20011124223824.F14975@cygbert.vinschen.de>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <20011124031835 DOT GA22045 AT redhat DOT com> <20011124221357 DOT D14975 AT cygbert DOT vinschen DOT de> <20011124212645 DOT GA9292 AT redhat DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011124212645.GA9292@redhat.com>; from cgf@redhat.com on Sat, Nov 24, 2001 at 04:26:45PM -0500

On Sat, Nov 24, 2001 at 04:26:45PM -0500, Christopher Faylor wrote:
> On Sat, Nov 24, 2001 at 10:13:57PM +0100, Corinna Vinschen wrote:
> >On Fri, Nov 23, 2001 at 10:18:35PM -0500, Christopher Faylor wrote:
> >> As I was in the process of adding the fd protection code that was just
> >> mentioned in the cygwin mailing list, I decided to add the normal buffer
> >> checking defensive code to most of the net/socket functions.  I've
> >> verified that sshd, inetd, and telnetd still work, but I'd appreciate it
> >> if I could get some assurance that I haven't broken anything else.
> >> 
> >> The checking in net.cc was a lot trickier than I had anticipated so
> >> I could easily have gotten something wrong.
> >> 
> >> If someone could verify my changes, it would be great.
> >
> >They look ok except for one in cygwin_inet_network() which I've just
> >changed.
> >
> >I have added the missing checks except for cygwin_rcmd() and
> >cygwin_rexec().  They both have a so weird usage of the pointered
> >parameters.  Hmm, I could add stuff at least partly.
> 
> herror, does something special when it's parameter is NULL, though.
> I don't think a parameter check is appropriate here.  linux actually
> gets a SEGV when you pass herror an invalid parameter.

I've just figured already that s == NULL is allowed and changed
the patch locally.  But isn't it overopportunistic to have a SEGV
just because the Linux lib doesn't check the parameter?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.