[rrd-developers] Re: rrd_graph and rrd_set_error patches for longer filenames
Tobias Oetiker
oetiker at ee.ethz.ch
Wed Oct 13 22:38:12 MEST 1999
Today you sent me mail regarding Re: [rrd-developers] rrd_graph and...:
*> On Sunday, October 10, Blair Zajac wrote:
*> >
*> > I've been running into some problems with pathnames longer than 255
*> > characters in rrd_graph. The following patch fixes these and prevents
*> > buffer overflows in rrd_set_error, unless the error is longer than
*> > 4096 characters.
*>
*> Why stop there? :-)
*>
*>
*> > diff -rc ../rrdtool-1.0.7.0/src/rrd_error.c ./src/rrd_error.c
*> > *** ../rrdtool-1.0.7.0/src/rrd_error.c Fri Aug 27 12:20:05 1999
*> > --- ./src/rrd_error.c Sun Oct 10 18:40:24 1999
*> > ***************
*> > *** 16,28 ****
*> > void
*> > rrd_set_error(char *fmt, ...)
*> > {
*> > ! int maxlen = strlen(fmt)*4;
*> > va_list argp;
*> > rrd_clear_error();
*> > - rrd_error = malloc(sizeof(char)*maxlen);
*> > va_start(argp, fmt);
*> > ! vsprintf(rrd_error, fmt, argp);
*> > va_end(argp);
*> > }
*>
*> This ain't perfect, if vsnprintf() exists, I'd use it...
*>
*>
*> > --- 16,29 ----
*> > void
*> > rrd_set_error(char *fmt, ...)
*> > {
*> > ! static char buffer[4096];
*> > va_list argp;
*> > rrd_clear_error();
*> > va_start(argp, fmt);
*> > ! vsprintf(buffer, fmt, argp);
*> > va_end(argp);
*> > + rrd_error = malloc(sizeof(char)*(strlen(buffer)+1));
*> > + strcpy(rrd_error, buffer);
*> > }
*>
*> I fail to see how this will differ much. Why not just add 4096 to
*> the above maxlen item? Same result, buffer at least 4K, but does not
*> solve the buffer overflow potential...
*>
*>
*> > diff -rc ../rrdtool-1.0.7.0/src/rrd_graph.c ./src/rrd_graph.c
*> > *** ../rrdtool-1.0.7.0/src/rrd_graph.c Fri Oct 1 12:15:28 1999
*> > --- ./src/rrd_graph.c Fri Oct 8 23:22:35 1999
*> > ***************
*> > *** 180,186 ****
*> >
*> > /* configuration of graph */
*> >
*> > ! char graphfile[255]; /* filename for graphic */
*> > long xsize,ysize; /* graph area size in pixels */
*> > col_trip_t graph_col[__GRC_END__]; /* real colors for the graph */
*> >
*> > char ylegend[200]; /* legend along the yaxis */
*> > --- 180,186 ----
*> >
*> > /* configuration of graph */
*> >
*> > ! char graphfile[1024]; /* filename for graphic */
*> > long xsize,ysize; /* graph area size in pixels */
*> > col_trip_t graph_col[__GRC_END__]; /* real colors for the graph */
*> >
*> > char ylegend[200]; /* legend along the yaxis */
*>
*> Why not use MAXPATHLEN if it exists? And if not, then think of some
*> POSIXLY decent default value for it? :-)
Toby! your posixly and securitxly correct patch for the problem woud be most
apreciated du to my current swamped ness in other work blairs patch has not
yet made it through into the tree ...
cheers
tobi
*>
*> --Toby.
*> *----------------------------------------------------------------------------*
*> | Tobias Weingartner | Email: weingart at cs.ualberta.ca | Nothing here yet |
*> | Apt B 7707-110 St. |--------------------------------| Nor here yet... |
*> | Edmonton, AB | Unix Guru, Admin, Systems-Dude | Nor here... |
*> | T6G 1G3 ---------------------------------------------------------------|
*> | Canada / %SYSTEM-F-ANARCHISM, The operating system has been overthrown |
*> *----------------------------------------------------------------------------*
*>
--
______ __ _
/_ __/_ / / (_) Oetiker, Timelord & SysMgr @ EE-Dept ETH-Zurich
/ // _ \/ _ \/ / TEL: +41(0)1-6325286 FAX:...1517 ICQ: 10419518
/_/ \.__/_.__/_/ oetiker at ee.ethz.ch http://ee-staff.ethz.ch/~oetiker
--
* To unsubscribe from the rrd-developers mailing list, send a message with the
subject: unsubscribe to rrd-developers-request at list.ee.ethz.ch
More information about the rrd-developers
mailing list