[sane-devel] possible bin_w_string security issue (not)
Sat, 16 Oct 2004 14:34:41 +0200
> SIGPIPE (ok, I read your mail before answering) :-)
> Nearly any protocol violation from server or client can have strange
> results. That's one of the problems with the SANE net protocol.
> Also there are still many tests missing for a bad wire status (see bug
> There may be other locations but at least here it tests for the wire
Hm. I guess you're right. Seems I missed it, or maybe I was writing this
when I looked at a different location? Sorry.
> I'm still not sure if I have understood all the details of the wire
> code. But I guess the idea was to have only one function for each kind
> of data. So you don't need one for the server and one for the client
> and one for ascii and one for bin and one for sending and one for
Yeah, and then it is also "overloaded" for freeing allocated data.
> They aren't. Only sane_cancel() must be async signal safe.
> Yes, I guess that's a bug.
> Nobody should ever use sanei_wire/sanei_net/sanei_codec_* without
> really knowing what he does :-)
> But what should sanei_w_array do? It already exits when the wire is in
> bad state. I think that's really up to the caller.
Yes, but before exiting it should free the result buffer and NULL the
pointer. When the wire is in an invalid state during reading, it cannot
be guaranteed that the buffer is in a valid state, so should be
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Comment: Johannes Berg (SIP Solutions)
-----END PGP SIGNATURE-----