[PATCH] Remove clobber_region() etc
abartlet at samba.org
Tue Mar 22 01:16:03 MDT 2011
On Tue, 2011-03-22 at 08:01 +0100, Volker Lendecke wrote:
> On Tue, Mar 22, 2011 at 05:37:12PM +1100, Andrew Bartlett wrote:
> > We don't have pstrings any more, so the underlying risk has changed.
> > Has anyone found any bugs using this code in the past few years?
> I haven't. And, to be honest, I never really understood the
> reasoning behind those safe_strcpy things given that we have
> strlcpy these days. For me it's always a pain to follow
> these safe_strcpy macros, so simplifying them is worthwhile
> to me.
> > As such I propose to remove the clobber_region() calls and the extra
> > functions arguments they required. What do others think?
> Fine by me.
> > (The compile-time macros still work, and as they found a bug only today,
> > I'm not inclined to remove them.)
> Can you explain what and how you found a bug? As I said,
> these safe_strcpy macros are pretty much a mystery to me.
The outcome of the incredible macros in safe_string.h is that if you
safe_strcpy(cmdstring, panic_action, sizeof(cmdstring));
This will fail to compile, until changed to:
safe_strcpy(cmdstring, panic_action, sizeof(cmdstring) -1);
The macro uses some really, really scary code - testing at configure
time that a function call will be optimised out, and using the ? operator
to test an expression using sizeof() on the first argument.
Why exactly it wants it to be sizeof(x)-1 I'm not sure, but that showed
that the macro still works.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
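The mechanism Andrew describes above can be reconstructed in a few lines. What follows is an added illustration, not code from Samba's safe_string.h or from anyone in this thread. It assumes the same calling convention as Samba's safe_strcpy_fn(): max_len counts the characters the buffer can hold excluding the terminating NUL, and the compile-time check compares sizeof() of the destination against max_len + 1. That convention is what forces callers to write sizeof(buf) - 1: with sizeof(buf) the comparison fails and the call site does not compile. The reconstruction swaps Samba's trick (an undefined function in the dead arm of a ?:, which only links if the compiler deletes that arm, hence the configure-time probe) for a negative bit-field width, which the compiler rejects at any optimisation level and also rejects when max_len is not a compile-time constant. Function and macro names are hypothetical; the sample strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Runtime half: copy at most max_len characters and always NUL-terminate.
 * Convention (assumed to match Samba's safe_strcpy_fn): max_len is the
 * number of characters the buffer holds NOT counting the terminating NUL,
 * so a caller with char buf[N] must pass N - 1.
 */
static char *safe_strcpy_fn(char *dest, const char *src, size_t max_len)
{
	size_t len;

	if (dest == NULL) {
		return NULL;
	}
	if (src == NULL) {
		*dest = '\0';
		return dest;
	}
	len = strlen(src);
	if (len > max_len) {
		len = max_len;	/* truncate instead of overflowing */
	}
	memcpy(dest, src, len);
	dest[len] = '\0';
	return dest;
}

/*
 * Compile-time half. True when the declared size of d is exactly len, or
 * when d is a pointer: sizeof(d) is then only the pointer size and nothing
 * can be checked. Caveat: a char array whose size happens to equal
 * sizeof(char *) slips through for the same reason.
 */
#define STRING_SIZE_OK(d, len) \
	(sizeof(d) == (size_t)(len) || sizeof(d) == sizeof(char *))

/*
 * 0 when e is false; a compile error when e is true or when e is not an
 * integer constant expression (a bit-field width must be a non-negative
 * constant). Same idea as the Linux kernel's BUILD_BUG_ON_ZERO. Samba's
 * macro instead references an undefined function in the failing arm of a
 * ?: and relies on the optimiser deleting that arm; this form needs no help
 * from the optimiser.
 */
#define BUILD_BUG_ON_ZERO(e) \
	((int)sizeof(struct { int ok_ : 1; int : -!!(e); }))

/*
 * safe_strcpy(buf, src, sizeof(buf))     -> does not compile
 * safe_strcpy(buf, src, sizeof(buf) - 1) -> compiles, copies at most
 *                                           sizeof(buf) - 1 characters
 */
#define safe_strcpy(d, s, max_len) \
	((void)BUILD_BUG_ON_ZERO(!STRING_SIZE_OK((d), (max_len) + 1)), \
	 safe_strcpy_fn((d), (s), (max_len)))

/* A short source is copied intact and NUL-terminated: returns 1 on success. */
static int demo_fits(void)
{
	char cmdstring[32];

	safe_strcpy(cmdstring, "/bin/true", sizeof(cmdstring) - 1);
	return strcmp(cmdstring, "/bin/true") == 0;
}

/*
 * An over-long source is cut to 31 characters plus NUL, and the guard byte
 * placed directly after the buffer is left untouched: returns 1 on success.
 */
static int demo_truncates(void)
{
	struct {
		char cmdstring[32];
		char guard;
	} s;
	/* constructed sample, longer than the buffer */
	const char *longsrc = "/usr/bin/gdb -batch -p %d -ex bt -ex quit 2>&1";

	s.guard = 'G';
	safe_strcpy(s.cmdstring, longsrc, sizeof(s.cmdstring) - 1);
	return strlen(s.cmdstring) == sizeof(s.cmdstring) - 1 &&
	       strncmp(s.cmdstring, longsrc, sizeof(s.cmdstring) - 1) == 0 &&
	       s.guard == 'G';
}

int main(void)
{
	printf("fits: %d, truncates: %d\n", demo_fits(), demo_truncates());
	return 0;
}
```

To see the check fire, change either call to pass sizeof(cmdstring) instead of sizeof(cmdstring) - 1: the bit-field width becomes -1 and compilation stops at that line, which is the behaviour the thread describes. Passing a destination declared as char * disables the check entirely, so the macro protects only call sites where the buffer's declaration is visible.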