On Sunday 02 March 2008 15:52:21 Lmwangi wrote:
> Hi Jan,
>
> On Sat, Mar 1, 2008 at 11:12 PM, Jan-Oliver Wagner
>
> <[EMAIL PROTECTED]> wrote:
> > On Saturday 01 March 2008 17:23, [EMAIL PROTECTED] wrote:
> > > trunk/openvas-libraries/libopenvas/proctitle.c
> > > + strncpy(s,envp[i],strlen(envp[i]));
> >
> > shouldn't in general the length of the destination be the limiting
> > factor?
>
> It should be.. but luckily for us, it seems like the guys who coded
> the libraries were malloc'ing the required space beforehand. In this
> case the string length for the envp array is precalculated in the loop
> on line 27 into envpsize and later s is created from envpsize+space
> for '\0'. So putting in
> strncpy(s,envp[i],strlen(envp[i]));
> is redundant (silencing flawfinder), since s will always be as large
> as required.. Unless of course malloc fails :(.
This initially concerned me, but it seems that:
/*
* If no memory can be allocated, then wait a little.
* It's very likely that another nessusd child will free
* the size of memory we need. So we make 10 attempts,
* and if nothing happens, then we exit
*/
(from system.c, emalloc() definition)
So any emalloc() call should be safe against returning NULL.
Tim
--
Tim Brown
<mailto:[EMAIL PROTECTED]>
<http://www.nth-dimension.org.uk/>
_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel