Re: Oh, come *on*

[prev] [thread] [next] [lurker] [Date index for 2004/11/03]

From: Nicholas Clark
Subject: Re: Oh, come *on*
Date: 05:58 on 03 Nov 2004
On Tue, Nov 02, 2004 at 06:45:04PM -0600, sabrina downard wrote:
> pulled out of a program i'm trying to figure out why it's misbehaving:
> 
>     /* How to print/log error messages */
>     #define         DANGER_WILL_ROBINSON(KateBush) \
>             { if (Debug) \
>                     perror (KateBush); \
>             if (Log) { \
>                     char *xyzzy = malloc(strlen(KateBush)+4); \
>                     (void) strcpy(xyzzy, KateBush); (void) strcat(xyzzy, ": %m"); \
>                     syslog (LOG_ERR, xyzzy); free(xyzzy); } \

Gosh. That's both buggy and dangerous code. Firstly it should be strlen() + 5
(as it's appending 4 characters, but forgot about the NUL). Fix that and it's
still evil, as if anyone unwittingly logs a string with "%s" or "%p" (or
variants) the program is likely to segfault.

  syslog (LOG_ERR, "%s: %m", KateBush);

in place of that malloc/strcpy/strcat/free mess is much safer, given that
the author can't be wanting to take advantage of syslog()'s printf-like
formatting as made clear by the call to perror().


Been there, diagnosed a previous piece of hateful software of being guilty
of this. Don't try to log URL-encoded e-mail addresses like this.
( user@xxxxxxxxx.xxx => user%40somewhere.com => SEGV )

Does the rest of this hateful software contain as many errors-per-line as
this excerpt?

Nicholas Clark

Generated at 10:01 on 05 Nov 2004 by mariachi 0.52