RE: alert.c

monit-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: alert.c

From:	Jan-Henrik Haukeland
Subject:	RE: alert.c
Date:	Sat, 19 Oct 2002 01:49:47 +0200

> I figured we were OK. I'm running RATS and tracking down the large
> amount of (mostly harmless) warnings.

Great! I got a mail from Leppo as well (with a long warning list). 
He's also running RATS on the monit code. It's excellent if you guys
can clean up obvious security holes, although I think we're not that 
bad :-)

To answer your second mail about using strncat in the replace code,
it's not so easy, besides I feel very comfortable with this not being
a potential security issue, since the code operate on it's own created
sub-strings, that is, it does not bluntly strcat parameters without 
checking them.

Jan-Henrik


> 
> On Fri, 2002-10-18 at 15:01, Jan-Henrik Haukeland wrote:
> > > In this snippet of code from alert.c:
> > > *
> > > I have a few questions. Why are we using a fixed sized buffer for buf?
> > 
> > Since I'm to blame for the code I can try and answer this. The 
> buffer is not
> > fixed, I relay on a feature in gcc that allows for dynamically declaring a
> > buffer size. The size is different for each string to replace. If 
> this feature
> > didn't exist or another compiler than gcc was used it would 
> probably be better
> > to malloc the string.
> > 
> > > Wouldn't it be easier and better to malloc it?
> > 
> > The idea (not a big point in this case) is that malloc is more 
> expensive than
> > automatic variables. Besides it's one less free() to remember.
> > 
> > > Shouldn't we be using strncat?
> > 
> > Since we now the size of the strings we are operating on it's okay.
> > 
> > > Why do we free(*src) and then use it right after?
> > 
> > Because src is the old string and buf the new replaced string, we 
> free(() src
> > to avoid a memory leak before we set src to point to the new string.
> > 
> > I hope that explained the function?
> > 
> > Jan-Henrik
> > 
> > 
> > 
> > _______________________________________________
> > monit-dev mailing list
> > address@hidden
> > http://mail.nongnu.org/mailman/listinfo/monit-dev
> > 
> -- 
> Rory Toma             address@hidden
> VP of Run Level 5     http://www.trs80.net
> Digeo Digital         http://www.digeo.com
>

[Prev in Thread]

Current Thread

[Next in Thread]

alert.c, Rory Toma, 2002/10/18
- RE: alert.c, Jan-Henrik Haukeland, 2002/10/18
  - RE: alert.c, Rory Toma, 2002/10/18
    - RE: alert.c, Jan-Henrik Haukeland <=
  - RE: alert.c, Rory Toma, 2002/10/18

Prev by Date: Re: CPU statistic problem
Next by Date: CPU statistic problem
Previous by thread: RE: alert.c
Next by thread: RE: alert.c
Index(es):
- Date
- Thread