On Sunday 02 March 2008 15:52:21 Lmwangi wrote:
> Hi Jan,
>
> On Sat, Mar 1, 2008 at 11:12 PM, Jan-Oliver Wagner
>
> <[EMAIL PROTECTED]> wrote:
> > On Saturday 01 March 2008 17:23, [EMAIL PROTECTED] wrote:
> >  >    trunk/openvas-libraries/libopenvas/proctitle.c
> >  > +             strncpy(s,envp[i],strlen(envp[i]));
> >
> >  shouldn't in general the length of the destination be the limiting
> > factor?
>
> It should be.. but luckily for us, it seems like the guys who coded
> the libraries were malloc'ing the required space beforehand. In this
> case the string length for the envp array is precalculated in the loop
> on line 27 into envpsize and later s is created from  envpsize+space
> for '\0'. So putting in
>                 strncpy(s,envp[i],strlen(envp[i]));
> is redundant (silencing flawfinder), since s will always be as large
> as required.. Unless of course malloc fails :(.

This initially concerned me, but it seems that:

    /*
     * If no memory can be allocated, then wait a little.
     * It's very likely that another nessusd child will free
     * the size of memory we need. So we make 10 attempts,
     * and if nothing happens, then we exit
     */

(from system.c, emalloc() definition)

So any emalloc() call should be safe against returning NULL.

Tim
-- 
Tim Brown
<mailto:[EMAIL PROTECTED]>
<http://www.nth-dimension.org.uk/>
_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

Reply via email to