[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [leafnode-list] 2.0b3 compile-time warnings
krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Cornelius Krasel) writes:
> Matthias Andree wrote:
>
> [...]
>
> > Some things remain:
> > * getting rid of all sscanf (will do later)
>
> Why is this desirable?
2 words: Type checking.
> Methinks that writing your own parsing functions for all kinds of
> strings is *really* error-prone.
The aim is to have simple, clear interfaces that can be enforced by the
compiler. I would not try do to things like this:
> I think the only possibility of a sscanf()-caused buffer overflow
> would be in nntpd.c, doauthinfo(): if ( sscanf( arg, "%s %s", cmd,
> param ) != 2 )
but rather split arg into pieces directly.
> Everywhere else, sscanf() is only used to extract ints/longs from
> strings.
True, and you don't need sscanf() for that.
--
Matthias Andree
--
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list