Re: BUG REPORT: module popper.c, function getline()

[Carles Xavier Munyoz Bald�]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 28 May 2001 16:46, Gregory Hicks wrote:
> I've always found that, when testing software, one should test software
> in the mode it was designed for...  Ie: if the software is designed to
> receive lines, to send it lines.  If it designed to recognize character
> at a time inputs AND line at a time, to test both.  If designed for only
> 'character input', send only character inputs...

Sorry, but I don't agree with your opinion.
I'm a software developer and when I develope my software I make it to be 
prepared for any input it can receive. 
You can not develope a software and wait that all users send you the input 
in the format you have specified (not all the people is good user, in the net 
exists hackers and other kinds of bad users :).

One of the most important tasks of a software developer is the syntax parse 
of the inputs received from the users.
If this task is not done well, you will have problems like buffer overflows, 
segmentation faults, security problems, etc...
Great part of the bugs reported to software developers like BIND, SENDMAIL, 
QPOPPER, ..., are bugs about buffer overflows generated due to a bad input 
parse.

Greetings.
- ---
Carles Xavier Munyoz Bald� / [EMAIL PROTECTED]
VAS - Experto en Sistemas IP
Wanadoo Espa�a - http://www.wanadoo.es/
Tel: +34 96 5040046 - Fax: +34 96 5040047
- ---
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOxJxihAGkoZz8//aEQKN6QCfQg3+MOMx+Rc0F0colYPO2Eea1aEAn1Ky
77SRusQeNScHKm4C9R6uWihC
=7/V6
-----END PGP SIGNATURE-----