Re: Security in a shell that starts ssh

To: debian-security@lists.debian.org
Subject: Re: Security in a shell that starts ssh
From: Steve Greenland <stevegr@debian.org>
Date: Wed, 13 Jun 2001 16:10:27 -0500
Message-id: <[🔎] 20010613161027.D2048@molehole.moregruel.net>
Reply-to: Steve Greenland <stevegr@debian.org>
In-reply-to: <[🔎] 20010613204756.A1761@koan.dhs.org>

On 13-Jun-01, 13:47 (CDT), Tim van Erven <tripudium@chello.nl> wrote: 
> > On Wed, Jun 13, 2001 at 10:57:08AM -0500, Steve Greenland wrote:
> > > > int main()
> > > 
> > > int main(void)   /* () != (void) in C */
> 
> The comp.lang.c faq (http://www.faqs.org/faqs/C-faq/faq/) says it's ok.

Where does it say this? The only thing I can see is under 11.12, where
it says "main must be declared as returning an int, and as taking either
zero or two arguments, of the appropriate types." That means either 'int
main(void)' or 'int main(int argc, char *argv[])' (or 'char **argv'
or some other compatible variations). 'int main()' has unspecified
arguments, not zero.

Or does it? Since it's a definition, not a declaration, it *is* a
function with no arguments. OTOH, the standard specifically says main
should be either 'int main(void)' or 'int main(int argc, char **argv)'.
I think I may ask about this on comp.std.c.

> > >      if(name[strlen(name) - 1] != '\n') {
> 
> Yes, this does look slightly better.

Since I'm already cluttering up -security with a reply, I'll point out
that adding the braces wasn't strictly appearance. After a few times of
rounds adding a second line to an un-braced if clause, you'll appreciate
the habit of *always* putting in the braces.

> > Possible access to unallocated memory if "\0\n" supplied as input.
> 
> Only if strlen(name) = 0 and besides from being hard to achieve when
> entering data on stdin, fgets will return 0 if that happens.

But not if you feed it a file.

> No comments about my spelling mistake ('to long')? Personally I
> considered that the worst offence. Btw, I should start posting all my
> code to this list. That would *really* fix-up my coding habbits. :)

debian-codereview@lists.debian.org anyone? The place I used to work did
code reviews for a short while: humbling and immensely valueable. I
don't know why we got out of that habit; probably someone decided it
"took too long", as if fixing bugs in released products was cheap.

Steve
-- 
Steve Greenland <stevegr@debian.org>
(Please do not CC me on mail sent to this list; I subscribe to and read
every list I post to.)

Reply to:

Follow-Ups:
- Re: Security in a shell that starts ssh
  - From: Tim van Erven <tripudium@chello.nl>
- Re: Security in a shell that starts ssh
  - From: Daniel Ginsburg <dg@warpsolutions.com>

References:
- Re: Security in a shell that starts ssh
  - From: Tim van Erven <tripudium@chello.nl>

Prev by Date: Re: Security in a shell that starts ssh
Next by Date: Re: Security in a shell that starts ssh
Previous by thread: Re: Security in a shell that starts ssh
Next by thread: Re: Security in a shell that starts ssh
Index(es):
- Date
- Thread