Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: devel

Silly code in clamav-0.93.1/shared/cfgparser.c

 

 

ClamAV devel RSS feed   Index | Next | Previous | View Threaded


dfs at roaringpenguin

Jun 12, 2008, 7:35 AM

Post #1 of 3 (1465 views)
Permalink
Silly code in clamav-0.93.1/shared/cfgparser.c

Hi,

Just auditing the ClamAV code, I see:

289 char *cpy = (char *) calloc(strlen(arg), 1);
290 strncpy(cpy, arg, strlen(arg) - 1);
291 cpy[strlen(arg)-1]='\0';

Ummm... whaaa???

Surely you mean: cpy = strdup(arg);

At the very least, you need to check the return from calloc().

Regards,

David.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


dfs at roaringpenguin

Jun 12, 2008, 7:39 AM

Post #2 of 3 (1374 views)
Permalink
Re: Silly code in clamav-0.93.1/shared/cfgparser.c [In reply to]

David F. Skoll wrote:

> Just auditing the ClamAV code, I see:
>
> 289 char *cpy = (char *) calloc(strlen(arg), 1);
> 290 strncpy(cpy, arg, strlen(arg) - 1);
> 291 cpy[strlen(arg)-1]='\0';

> Ummm... whaaa???

> Surely you mean: cpy = strdup(arg);

Oops, followed by: cpy[strlen(arg)-1] = 0;

to chop off the trailing 'm' or 'k'.

Regards,

David.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


tkojm at clamav

Jun 12, 2008, 2:20 PM

Post #3 of 3 (1370 views)
Permalink
Re: Silly code in clamav-0.93.1/shared/cfgparser.c [In reply to]

On Thu, 12 Jun 2008 10:35:11 -0400
"David F. Skoll" <dfs [at] roaringpenguin> wrote:

> Surely you mean: cpy = strdup(arg);
>
> At the very least, you need to check the return from calloc().

David,

thanks for spotting this glitch, it's now fixed in SVN. If you find any more
issues like this, please open a bug report in our bugzilla and report them
there.

Thanks,

--
oo ..... Tomasz Kojm <tkojm [at] clamav>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Jun 13 02:06:38 CEST 2008
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

ClamAV devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.