:: Re: [DNG] Nasty Linux systemd secur…
Forside
Slet denne besked
Besvar denne besked
Skribent: aitor
Dato:  
Til: dng
Emne: Re: [DNG] Nasty Linux systemd security bug revealed
Hi Alessandro,

On 15/8/21 18:08, Alessandro Vesely via Dng wrote:
> I guess we all ended up developing something similar. My take:
> http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.h
> http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.c
>
> It's harsh as it assumes the caller _always_ checks return code.  The
> functions don't check for NULL on entry (albeit they often assert()
> it, a passage usually not compiled in production code.)  Non-nullness
> has to be checked by the caller, for example (from zaggregate.c in the
> same package):
>
>     if (to_header)
>     {
>         to_header = cstr_printf(to_header, "%s %s",
>             n_addr == 0? "To:": ",", dom->addr[i].addr);
>         if (to_header && dom->addr[i].limit != UINT64_MAX)
>             to_header = cstr_printf(to_header, " (limit=%" PRIu64 ")",
>                 dom->addr[i].limit);
>         ++n_addr;
>     }



Thanks for the link. I'll give it a try.

Cheers,

Aitor.