Author: aitor Date: To: dng Subject: Re: [DNG] Nasty Linux systemd security bug revealed
Hi Alessandro,
On 15/8/21 18:08, Alessandro Vesely via Dng wrote: > I guess we all ended up developing something similar. My take:
> http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.h > http://www.tana.it/svn/zdkimfilter/trunk/src/cstring.c >
> It's harsh as it assumes the caller _always_ checks return code. The
> functions don't check for NULL on entry (albeit they often assert()
> it, a passage usually not compiled in production code.) Non-nullness
> has to be checked by the caller, for example (from zaggregate.c in the
> same package):
>
> if (to_header)
> {
> to_header = cstr_printf(to_header, "%s %s",
> n_addr == 0? "To:": ",", dom->addr[i].addr);
> if (to_header && dom->addr[i].limit != UINT64_MAX)
> to_header = cstr_printf(to_header, " (limit=%" PRIu64 ")",
> dom->addr[i].limit);
> ++n_addr;
> }