Re: first patch to security problem

[Decklin Foster <decklin@red-bean.com>]

Peter writes:

> I wouldn't think so. It just grabs the relevent URL handler ("netscape
> %s" or whatever) from the urlhandler_list and sticks in %s using
> autoinsert().

OK, I just looked quickly at the backtraces. You must know the
internals.


> I think that line looks dodgy. sizeof *argv, isn't that derefencing an
> uninitialize, unalloced variable?

No, that's the sizeof operator, which is special. The fine folks at
comp.lang.c have beaten this stylistic point into me:

    T *foo;

    foo = malloc(sizeof *foo);

This means "allocate enough storage for whatever type foo points to".
Then you can go back and change T, without having to change the type
in every allocation. (In this case T is char *.)

> and another thing, shouldn't your realloc() take into account the
> size of a pointer?

Argh. Yes, you're completely right. <fx sound="smacks forehead"/> That
fixes it.

> A g_malloc needs a g_free :)

Yes, I commented that out before I tried using the g_ wrappers ;)

> Anyway, I've taken the poptParseArgs function from gnome-libs 1.2.4 and it
> seems to work well. It also handles quotoes correctly (so you can have
> args with a space in them). I've #ifdef USE_GNOME'ed it, so it's only
> included when not building with gnome.

OK, cool. I must be confused, doesn't #ifdef USE_GNOME mean when
building with gnome, not when building without gnome? What happens
exactly in each case?

-- 
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)
-
XChat-discuss: mailing list for XChat users
Archive:       http://mail.nl.linux.org/lists/
Posted By:     Decklin Foster <decklin@red-bean.com>