Hobbit code. Hidden bonus content: "pour encourager les autres"
-
It's quite difficult to prepare without going mushy, according to that cookbook by a Dr Lecter.
-
@PJH said:
char ip_as_string[INET_ADDRSTRLEN];
...
strncpy(ip_as_string, convert_ip_to_string(ip->sin_addr.s_addr), INET_ADDRSTRLEN);
So close, and yet... still fucked it up.
Why?
@man strncpy said:
The strncpy() function is similar, except that at most n bytes of src are copied. Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated.
@/include/linux/inet.h said:
#define INET_ADDRSTRLEN (16)
The longest an IP address can be is 15 characters (16 if including the NUL) - how can this break?
Presume that convert_ip_to_string() will always return a valid IP address (or a blank string).
-
made of meat
Actually mostly made of fat. Which is why I never feel put down when somebody calls me a fathead.
-
There's no provision for IPv6! BAM!
-
Why?
The code omits +1 for the buffer allocation, otherwise strncpy() can leave you with a non-terminated string. That's not an error in itself, but the next thing you do with it probably assumes it's terminated, which will be an error. In this specific case it turns out it doesn't matter because the data won't be that big, but it was unlikely to be intentional.
The longest an IP address can be is 15 characters (16 if including the NUL) - how can this break?
Presume that convert_ip_to_string() will always return a valid IP address (or a blank string).
What you say is true, but nothing is gained with strncpy() over strcpy() if you don't get the number of chars to copy right. Just use strcpy() instead.
Does that make you feel uncomfortable? It does me.
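-
The strncpy() behaviour quoted from the man page above, as an added example that is not part of the original thread: it shows when a copy into an INET_ADDRSTRLEN buffer ends up without a NUL, a bounded copy that always terminates and reports truncation, and formatting the address directly with inet_ntop(). The function names strncpy_terminates, copy_ip_string and format_ipv4 are hypothetical, the input strings are constructed, and the thread's convert_ip_to_string() is not reproduced here.

```c
#include <arpa/inet.h>   /* inet_ntop, INET_ADDRSTRLEN (16) */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if strncpy(dst, src, INET_ADDRSTRLEN) leaves a NUL inside dst, else 0. */
int strncpy_terminates(const char *src)
{
    char dst[INET_ADDRSTRLEN];
    memset(dst, 'X', sizeof dst);        /* poison so a missing NUL is visible */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Bounded copy that always terminates; returns 0 on success, -1 if src did not fit. */
int copy_ip_string(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0)
        return -1;
    if (n >= dstlen) {                   /* truncate, terminate, and tell the caller */
        memcpy(dst, src, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);             /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Formats an IPv4 address (network byte order) into the caller's buffer. */
int format_ipv4(uint32_t addr_be, char *dst, size_t dstlen)
{
    struct in_addr a = { .s_addr = addr_be };
    return inet_ntop(AF_INET, &a, dst, (socklen_t)dstlen) ? 0 : -1;
}

int main(void)
{
    char buf[INET_ADDRSTRLEN];
    printf("15 chars: terminated=%d\n", strncpy_terminates("255.255.255.255"));
    printf("16 chars: terminated=%d\n", strncpy_terminates("255.255.255.255x"));
    int rc = copy_ip_string(buf, sizeof buf, "255.255.255.255x");
    printf("bounded copy: rc=%d result=\"%s\"\n", rc, buf);
    if (format_ipv4(htonl(0xC0000201u), buf, sizeof buf) == 0)
        printf("inet_ntop: %s\n", buf);
    return 0;
}
```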
-
Does that make you feel uncomfortable? It does me.
Well, as I pointed out in post #1, the fact that the whole block exists makes me feel uncomfortable. The fact that there are WTFs in it only compounds that feeling.
-
Fifteen hundred drafts on a dead man's chest.
Yo ho ho, and a round of server cooties!
Redis and Discourse have done for the rest.
Yo ho ho, and a round of server cooties!
Filed under: We need a new draft cloud attack