Jerry,
What checkers have you used?
I noticed that in a recent Scientific American, there was discussion of
a number of model checkers. Have you applied any of them to XEmacs?
--- Vladimir
P.S. When I ran 'make check' I got some errors. I haven't checked to see
if they've been reported.
On Wed, 2006-06-21 at 21:44 -0600, Jerry James wrote:
I wrote:
> I tried out a "security checker" today that supposedly looks for
> security-related properties of code. It mostly produced nonsense, but
> it did find this: in sound.c, line 645, we do a strcpy. We are copying
> into a stack buffer of fixed size (255 bytes). We are copying from
> h->h_name, where h is a struct hostent * returned by gethostbyname().
> Do we actually know that h->h_name must be 254 (+ 1 null terminator)
> characters long or less? I don't see anything on the gethostbyname man
> page that so indicates.
Vladimir Ivanovic wrote to tell me that he sees various definitions of
MAXHOSTNAMELEN, including 32, 64, and 255. He also pointed out that
POSIX defines a bound. According to the current POSIX spec, platforms
may define a constant named HOST_NAME_MAX in <limits.h> that gives the
length of the largest string that gethostbyname() will return. It also
states that they may fail to define that constant, in which case you
have to use sysconf() to find the right value. If HOST_NAME_MAX is
defined, then it must be no smaller than 255.
The upshot is that overrunning the buffer is unlikely, but possible,
since some systems may support host names of length > 255. Well, 254,
with the code in its present state.
Thanks Vladimir!
--
Vladimir G. Ivanovic <vgivanovic(a)comcast.net>
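
The bound discussed in this thread, as an added example that is not part of the original messages or of the XEmacs source: a length-checked copy into a fixed 255-byte buffer that rejects an over-long name instead of overrunning, plus a lookup of the platform limit through HOST_NAME_MAX or sysconf(). The names HOSTBUF_SIZE, host_name_limit and copy_host_name are hypothetical, and the sample names are constructed so the code runs without a resolver.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define HOSTBUF_SIZE 255  /* hypothetical name; same size as the buffer in the thread */

/* Platform host name limit: HOST_NAME_MAX when <limits.h> defines it,
   otherwise ask sysconf(). Returns -1 when no limit is reported. */
long host_name_limit(void)
{
#ifdef HOST_NAME_MAX
    return HOST_NAME_MAX;
#else
    long n = sysconf(_SC_HOST_NAME_MAX);
    return n > 0 ? n : -1;
#endif
}

/* Copy src into dst (dstlen bytes in total). Returns 0 on success, or -1
   when src plus its terminator does not fit; dst is then an empty string,
   so a caller that ignores the result never sees a truncated name. */
int copy_host_name(char *dst, size_t dstlen, const char *src)
{
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    n = strlen(src);
    if (n >= dstlen)          /* no room for the NUL terminator */
        return -1;
    memcpy(dst, src, n + 1);  /* length already checked, copy includes NUL */
    return 0;
}

int main(void)
{
    char buf[HOSTBUF_SIZE];
    char too_long[301];       /* constructed 300-character name */

    memset(too_long, 'a', 300);
    too_long[300] = '\0';
    printf("limit=%ld short=%d long=%d\n", host_name_limit(),
           copy_host_name(buf, sizeof buf, "example.test"),
           copy_host_name(buf, sizeof buf, too_long));
    return 0;
}
```

The destination size, not the platform limit, decides whether the copy happens, so the check holds on systems that allow longer names than the buffer.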