* Guidelines: New code must use a bounded-buffer abstraction that provides at least some level of sanity checks on accesses. Direct pointer twiddling based on untrustable buffers is not generally acceptable in new code in Quagga.
---
 HACKING.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/HACKING.md b/HACKING.md index 3a449da..2b0e185 100644 --- a/HACKING.md +++ b/HACKING.md @@ -27,6 +27,13 @@ due to whitespace issues, to minimise merging conflicts. Be particularly careful not to break platforms/protocols that you cannot test. +Parsers or packet-writers of data from untrusted parties, particularly +remote ones, *MUST* use the lib/stream bounded-buffer abstraction, and use +its checked getters and putters. Twiddling of pointers based on contents of +untrusted data is _strongly_ discouraged - any such code is not acceptable, +unless there are very good reasons (e.g. compatibility with external or old +code that is not easily rewritten). + New code should have good comments, which explain why the code is correct. Changes to existing code should in many cases upgrade the comments when necessary for a reviewer to conclude that the change has no unintended -- 2.5.0 _______________________________________________ Quagga-dev mailing list [email protected] https://lists.quagga.net/mailman/listinfo/quagga-dev
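Review bot: The added paragraph in the HACKING.md hunk states the rule at three different strengths: "*MUST* use the lib/stream bounded-buffer abstraction" in its first sentence, then "_strongly_ discouraged", then "not acceptable, unless there are very good reasons" in its second. A contributor or reviewer cannot tell from this whether a hand-written pointer-based parser is forbidden or only frowned on. Suggest picking one level: keep MUST for lib/stream and its checked getters and putters, and word the exception as the single way out, with the requirement that the reason be written in a comment at the code site so a reviewer can check the bounds reasoning there. The commit message scopes the rule to new code, but the added text never says "new", so as written it also applies to existing parsers; state which is intended. Minor: the emphasis markers are mixed (`*MUST*` against `_strongly_`), so use one style.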
