Vladimir G. Ivanovic
vgivanovic at comcast.net
Thu Jun 22 00:52:03 EDT 2006
What checkers have you used?

I noticed that in a recent Scientific American, there was discussion of
a number of model checkers. Have you applied any of them to XEmacs?

P.S. When I ran 'make check' I got some errors. I haven't checked to see
if they've been reported.

On Wed, 2006-06-21 at 21:44 -0600, Jerry James wrote:
> I wrote:
> > I tried out a "security checker" today that supposedly looks for
> > security-related properties of code. It mostly produced nonsense, but
> > it did find this: in sound.c, line 645, we do a strcpy. We are copying
> > into a stack buffer of fixed size (255 bytes). We are copying from
> > h->h_name, where h is a struct hostent * returned by gethostbyname().
> > Do we actually know that h->h_name must be 254 (+ 1 null terminator)
> > characters long or less? I don't see anything on the gethostbyname man
> > page that so indicates.
>
> Vladimir Ivanovic wrote to tell me that he sees various definitions of
> MAXHOSTNAMELEN, including 32, 64, and 255. He also pointed out that
> POSIX defines a bound. According to the current POSIX spec, platforms
> may define a constant named HOST_NAME_MAX in <limits.h> that gives the
> length of the largest string that gethostbyname() will return. It also
> states that they may fail to define that constant, in which case you
> have to use sysconf() to find the right value. If HOST_NAME_MAX is
> defined, then it must be no smaller than 255.
>
> The upshot is that overrunning the buffer is unlikely, but possible,
> since some systems may support host names of length > 255. Well, 254,
> with the code in its present state.
>
> Thanks Vladimir!

Vladimir G. Ivanovic <vgivanovic at comcast.net>
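
An added example, not code from XEmacs or from either poster: a length-checked copy that could stand in for an unbounded strcpy into the 255-byte stack buffer discussed above, together with the HOST_NAME_MAX / sysconf() lookup the thread describes. The names NAME_BUF_SIZE, host_name_limit and copy_host_name are hypothetical, and the sample host names are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define NAME_BUF_SIZE 255  /* fixed stack buffer size mentioned in the thread */

/* Longest host name the platform reports, excluding the terminating NUL.
   Uses sysconf() when <limits.h> does not define HOST_NAME_MAX; the
   fallback of 255 when no limit is reported is an assumption of this example. */
long host_name_limit(void)
{
#ifdef HOST_NAME_MAX
    return HOST_NAME_MAX;
#else
    long n = sysconf(_SC_HOST_NAME_MAX);
    return n > 0 ? n : 255;
#endif
}

/* Copy src into dst (dstsize bytes) only if it fits together with its NUL.
   Returns 0 on success, -1 if it does not fit. On failure dst is left empty:
   a truncated host name would name a different host, so it is rejected. */
int copy_host_name(char *dst, size_t dstsize, const char *src)
{
    size_t len;
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    len = strlen(src);
    if (len >= dstsize)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    char buf[NAME_BUF_SIZE];
    char name[NAME_BUF_SIZE + 1];      /* constructed sample input */
    memset(name, 'a', NAME_BUF_SIZE);
    name[NAME_BUF_SIZE] = '\0';        /* 255 characters: one too many */
    printf("platform limit: %ld\n", host_name_limit());
    printf("255-char name: %d\n", copy_host_name(buf, sizeof buf, name));
    name[NAME_BUF_SIZE - 1] = '\0';    /* 254 characters: fits with the NUL */
    printf("254-char name: %d\n", copy_host_name(buf, sizeof buf, name));
    return 0;
}
```

A caller that gets -1 can report the over-long name or allocate a buffer of host_name_limit() + 1 bytes instead of relying on the fixed size.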