On Tue, Aug 13, 2013 at 5:43 PM, Dan Gora <dan.g...@gmail.com> wrote:
> My patch made no attempt to perform a security audit of the code.  It
> was only to get rid of the warnings that were caused by removing the
> compilation flag.  The same scanf's which were there before are still
> there, just the return code is now checked.
>

Dan,

I know and never said otherwise. And that's where I see a problem. This
is not the first attempt like that and I'm afraid once "patched over"
it will be forgotten. As you have said, the same scanf() which were
there before are still there. To put it another, more general way, the
same crap code we had before is still there and we're just patching
over it.
Now, don't take it personally, because that seems to be pretty much
the general idea around here.

> If you want to go through all this hassle of getting rid of every scanf
> from the code, then that's up to you, but I don't think that there is
> any reason to intermingle this fairly massive project with my fairly
> simple patch to add return code checking.  They are two different
> things and should be done in two different patches.
>

Very, very sad, but you're right. I did a quick grep through the sources and
then did a double-facepalm. I guess enough said.
I'll give it a commit once I recover.

Z.

_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel