[olsr-dev] [PATCH] Improvements in dot_draw plugin

Bernd Petrovitsch (spam-protected)
Tue Nov 8 12:07:57 CET 2005


On Mon, 2005-11-07 at 07:14 +0100, Andreas Tønnesen wrote:
[...]
> Thanks, patches are always appreciated :-)
> But if you can make them against the current CVS version you'll make
> life easier for everybody and you make sure you're not fixing something
> that is already fixed.

ACK. And I (tried to) apply the former patch. A similar one against
current cvs is attached.

> Regarding the sprintf issue I agree that it is bad, but in this code the
> string arguments passed to the %s format are always the result of the
> olsr_ip_to_string function which I regard to be a "controlled" result.

Yes, of course I don't want to imply that anything is seriously broken
*now* (please insert definition of "seriously broken" here;-).
It is just to be sure that no (hidden) bug is introduced if e.g. one of
the controlled functions (like inet_ntoa()) is replaced at some time in
the future with not-so-controlled functions (or even worse that parts of
these strings come from the config-file or command line).
And I don't think that one (especially not me) checks *all* callers of a
function if such a change is made just to check that some buffer is
large enough after the change.

> In the core olsrd code there is (AFAIK) no use of potentially dangerous
> string functions, but in plugins such as this I don't think this is a

I will explain the potential weakness with the patches (even if they are
quite pathological cases).
And gcc (especially gcc-4.0x) also has a lot of nice warnings to find
superfluous or strange code.

> big problem. But if you'd like to clean it up in a platform independent
> way, feel free to do so :-)

BTW is there some (not so interesting) plugin or similar part of the
code where the platform independency can be tried by simply committing
a change and waiting for complaints/bug reports (i.e. the compile breakage
is not that serious)?

	Bernd
-- 
Firmix Software GmbH                   http://www.firmix.at/
mobil: +43 664 4416156                 fax: +43 1 7890849-55
          Embedded Linux Development and Services
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dot-draw.patch
Type: text/x-patch
Size: 3956 bytes
Desc: not available
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20051108/f4011291/attachment.bin>
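Added example, not part of the original message and not olsrd or dot_draw code: a bounded replacement for the sprintf-with-%s pattern discussed above, which rejects a line that does not fit instead of relying on every caller passing "controlled" strings. The helper name format_edge, the edge line format and all sample values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not olsrd code): format one graph edge into buf.
 * Returns the number of characters written, or -1 if the line does not
 * fit; on failure buf holds an empty string, never a cut-off line. */
int format_edge(char *buf, size_t size, const char *from, const char *to)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;
    /* snprintf writes at most size-1 characters plus the NUL and returns
     * the length the complete output would have had. */
    n = snprintf(buf, size, "\"%s\" -> \"%s\";\n", from, to);
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char line[32];
    char long_name[41]; /* constructed input: 40 'A's, e.g. a name read from a config file */

    memset(long_name, 'A', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';

    /* Address-sized strings (constructed sample values) fit. */
    if (format_edge(line, sizeof(line), "10.0.0.1", "10.0.0.2") > 0)
        fputs(line, stdout);

    /* With sprintf() this call would write past the end of line[]. */
    if (format_edge(line, sizeof(line), long_name, "10.0.0.2") < 0)
        fputs("edge skipped: does not fit\n", stderr);

    return 0;
}
```

The check is `n >= size` rather than `n > size` because snprintf's return value excludes the terminating NUL, so a return equal to the buffer size already means one character was dropped.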