[BusyBox] Re: quick sysctl more integration for busybox

[Ned Ludd]

300 bytes.. Great job! I've not tested your patch but there are some
area's from a quick glance that worry me from a security/sanity
perspective.

-               strncpy(buffer, name, sizeof(buffer));
-               strncat(buffer, "=", sizeof(buffer));
-               strncat(buffer, value, sizeof(buffer));
+               strcpy(buffer, name);
+               strcat(buffer, "=");
+               strcat(buffer, value);

This would be real bad if this applet were not set to _BB_SUID_NEVER.
Care must be taken with those strcpy() sprintf() to ensure bounds
checking at all times with user input. 
Vladimir could you please add some bounds checking and still see how
many bytes we can save? Thanks.

From looking back at the code I'm also thinking that we could drop the
| O_CREAT | O_TRUNC from the open() around line 234 of the first busybox
revision.

Erik,
Can we add a cvs $Header: $ to this file?

On Wed, 2003-12-24 at 09:59, Vladimir N. Oleynik wrote:
> Hi.
> 
> Last patch have 330 bytes size optimization for
> new sysctl applet as "more busybox integration".
> 
> NOT TESTED. Demonstrate only.
> 
> 
> --w
> vodz
-- 
Ned Ludd <solar at gentoo.org>
Gentoo Linux Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.busybox.net/pipermail/busybox/attachments/20031224/6bc60a59/attachment-0002.pgp