cvs commit: src/sys/libkern strtok.c src/sys/sys libkern.h src/sys/conf files

Nate Lawson nate at root.org
Fri Oct 7 11:56:04 PDT 2005


Bruce Evans wrote:
> On Thu, 6 Oct 2005, Nate Lawson wrote:
> 
>> Pawel Jakub Dawidek wrote:
>>
>>> pjd         2005-10-06 11:10:10 UTC
>>>
>>>   FreeBSD src repository
>>>
>>>   Modified files:
>>>     sys/sys              libkern.h     sys/conf             files   
>>> Added files:
>>>     sys/libkern          strtok.c   Log:
>>>   Add strtok() and strtok_r() function to libkern.
>>>     MFC after:      2 weeks
>>>     Revision  Changes    Path
>>>   1.1055    +1 -0      src/sys/conf/files
>>>   1.1       +98 -0     src/sys/libkern/strtok.c (new)
>>>   1.51      +2 -0      src/sys/sys/libkern.h
>>
>>
>> Why is the kernel parsing strings?  Seems like a good way to introduce 
>> security flaws.
> 
> 
> sscanf() is a similar older mistake in the kernel.  sscanf() is only
> slightly more useable than gets(), since its behaviour on overflow is
> undefined and input that is not parsed in other ways can easily cause
> overflow.  (Its actual behaviour is to blindly truncate results.)  In
> the kernel, more than half (by sscanf count) of its abuses are for %d
> or %x formats which can easily be handled right using strto[u]l().

I don't have time at the moment (working on new battery support) but I'd 
appreciate it if you removed sscanf.

-- 
Nate


More information about the cvs-src mailing list