At 12:46 19/02/01 -0800, Matt Dillon wrote:
> Yes, but we are talking about simple stupid config files here. Programs
> which actually tokenize an input stream typically do not use fgets().
> Tokenizers either use [f]lex, [f]getc(), read() (and handle the buffering
> themselves), or mmap().
I used the tokenize() just as an example. I consider that every program
that reads a line thinks it is a line and that the next fgets will read
the _next_ line. But fgets doesn't guarantee that. So we have the
following alternatives:
- assume the file is well formed (no too long lines).
- check that the lines are not too long.
I personally prefer the second alternative. It has a cost, but this is more
robust.
How many times have we seen things assumed for some time, and then the
code reused by someone else for another purpose but failing to check that
the assumptions are no longer true? This has often resulted in security problems.
So I'd go for "trust BUT control". And this is even more important in
library functions.
cheers,
mouss
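
The second alternative from the message above (check that lines are not too long), shown as an added example that is not part of the original message. The names `read_line`, `naive_sees_admin` and `checked_sees_admin`, the 16-byte buffer and the sample config are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Constructed sample: line 2 overflows a 16-byte buffer and its tail
 * ("admin=yes") looks like a directive of its own. */
static const char SAMPLE[] =
    "user=guest\ncomment=xxxxxxxadmin=yes\nshell=/bin/sh\n";

/* Hypothetical helper: read one whole line. The tail of an overlong line
 * is drained and reported, never handed back as the "next" line. */
static enum line_status read_line(FILE *fp, char *buf, size_t size)
{
    if (fgets(buf, (int)size, fp) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    int c = getc(fp);               /* no newline stored: peek at what follows */
    if (c == EOF || c == '\n')      /* unterminated last line, or exact fit */
        return LINE_OK;
    while (c != EOF && c != '\n')   /* truncated: discard the rest of the line */
        c = getc(fp);
    return LINE_TOO_LONG;
}

static FILE *open_sample(void)
{
    FILE *fp = tmpfile();
    if (fp) { fputs(SAMPLE, fp); rewind(fp); }
    return fp;
}

/* Bare fgets() loop: returns 1 if "admin=yes" is ever seen as a line. */
static int naive_sees_admin(void)
{
    char buf[16]; int seen = 0; FILE *fp = open_sample();
    if (!fp) return -1;
    while (fgets(buf, sizeof buf, fp))
        if (strcmp(buf, "admin=yes\n") == 0) seen = 1;
    fclose(fp);
    return seen;
}

/* Same loop with the length check; counts rejected lines in *rejected. */
static int checked_sees_admin(int *rejected)
{
    char buf[16]; int seen = 0; enum line_status st; FILE *fp = open_sample();
    *rejected = 0;
    if (!fp) return -1;
    while ((st = read_line(fp, buf, sizeof buf)) != LINE_EOF) {
        if (st == LINE_TOO_LONG) (*rejected)++;
        else if (strcmp(buf, "admin=yes") == 0) seen = 1;
    }
    fclose(fp);
    return seen;
}
```

The bare loop treats the tail of the long `comment=` line as a separate `admin=yes` line; the checked loop rejects that one line and continues with `shell=/bin/sh`.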