Re: questions regarding libmimelib1 as seperate source package
On 24/04/2009 Russ Allbery wrote:
> Jonas Meurer <jonas@freesources.org> writes:
>
> > - I bumbed the library version to 1.1.4 and kept soname libmimelib.so.1
> > from the libmimelib1c2a package. The source changes I made where
> > simple strlcpy() -> strncpy() migration, so a soname bump should not
> > be necessary.
>
> Just to double-check, you added explicit nul termination for all strings
> as an additional line of code when making that change, correct? (I
> personally prefer to ship a replacement strlcpy function rather than
> using strncpy, since the strncpy semantics are rather broken.)
Yes, exactly. I already had considered to use the strlcpy/strlcat
functions from kdelibs/kdecore/fakes.c, but then in a conversation with
ron on #debian-devel regarding that issue he advised me to use standard
functions instead.
It seems like people tend be enthusiastic about either of the solutions.
Unfortunately ron discovered a far worse issue. The way str[ln]cat() is
used in mimelib makes it very error-prone to buffer overflows:
#define SEND_BUFFER_SIZE 1024
...
mSendBuffer = new char[SEND_BUFFER_SIZE];
...
strlcpy(mSendBuffer, "PASS ", SEND_BUFFER_SIZE);
strlcat(mSendBuffer, aPasswd, SEND_BUFFER_SIZE);
strlcat(mSendBuffer, "\r\n", SEND_BUFFER_SIZE);
this without any santising code for aPasswd causes mSendBuffer to be
overflowable for at least strlen("PASS ") + strlen("\r\n").
ron suggested to migrate the code to c++ std::string, but I fear that I
don't have the skills to do that in a safe and secure manner.
greetings,
jonas
Reply to: