[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] 2.0b3 compile-time warnings

To: leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [leafnode-list] 2.0b3 compile-time warnings
From: Matthias Andree <ma@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: by mail-ob (mbox horst.fischer)(with Cubic Circle's cucipop (v1.31 1998/05/13) Mon Oct 30 22:22:07 2000)

krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Cornelius Krasel) writes:

> Matthias Andree wrote:
> 
> [...]
> 
> > Some things remain:
> > * getting rid of all sscanf (will do later)
> 
> Why is this desirable? 

2 words: Type checking.

> Methinks that writing your own parsing functions for all kinds of
> strings is *really* error-prone. 

The aim is to have simple, clear interfaces that can be enforced by the
compiler. I would not try do to things like this:

> I think the only possibility of a sscanf()-caused buffer overflow
> would be in nntpd.c, doauthinfo(): if ( sscanf( arg, "%s %s", cmd,
> param ) != 2 ) 

but rather split arg into pieces directly. 

> Everywhere else, sscanf() is only used to extract ints/longs from
> strings.

True, and you don't need sscanf() for that. 

-- 
Matthias Andree

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list

References:
- Re: [leafnode-list] 2.0b3 compile-time warnings
  - From: Cornelius Krasel

Prev by Date: Re: [leafnode-list] [ANNOUNCE] First Leafnode-2.0 beta version
Next by Date: Re: [leafnode-list] 2.0b3 compile-time warnings
Previous by thread: Re: [leafnode-list] 2.0b3 compile-time warnings
Next by thread: Re: [leafnode-list] 2.0b3 compile-time warnings
Index(es):
- Date
- Thread