[sane-devel] [BUG] saned: missing input sanitization

[Johannes Berg]

--=-RvFmJl5eUaAjiXBPw3Ib
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sat, 2004-10-16 at 15:48 +0200, Henning Meier-Geinitz wrote:
> I've added a check to CVS. It returns an error to the client because I
> think that's a protocol violation. Zero-length strings are allowed for
> sane_open but not NULL-pointers.

I think the problem is that the network layer does not distinguish
between zero-length strings and NULL pointers -- as far as I can see it
interprets a zero-length string (which is only a byte-array after all)
as a NULL string.

johannes

--=-RvFmJl5eUaAjiXBPw3Ib
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Comment: Johannes Berg (SIP Solutions)

iQIVAwUAQXEpq6Vg1VMiehFYAQKfdw/8DmtQmW6bABrsnmshQFN+syVsTAZWFhRO
0veLBoM8uNxgFMLXUtiXhv0lWfbZdce6UXYREB3bPy2yrAIsm30rFipBGvckX9J9
RvmH21mrigWiYn5VoloGIqiCDum/BubxyeE/xSBkcVcDKh3wnOWtYzFDBEnyP79U
rUz0bMlchKHcKrPsZq78WeJ203hZaPBxPgmRKT/i/kjdOFMIiu/enMC8VEFrl3Oe
AhbXOhtj5GtkfPs1ueM5oms4f4wu4La+lF6+5lhHGFOY6Bwj+Xd0xwvxPge36NXD
NRn7XArGv9SLUPza1y9Nw6wlVMFpG4AdlUyTTH3zO28A8bOjksSC53p/ftl/x9z1
wE4j1yBvzUmlrCYmSYvPgzXG5Kwv6CndtE3+v6+f2dYrY80yMCLLWyMG1XLgKtvT
oDtuUFdpzOPSQSDWz7ICkCyl1Vv+5DiWlchXBqN5cHz/1mDMZOj9VAmtoo+b28kA
tIeEFq3q0ITTwJps6nrmUDshGDAiVWj86NH7y+Q6py0EmG8eHav1MvDdxiz5r7/x
Q160C87JrAfMgxl5o84zGF63XJHH4k6e0RLNEqDLCg6u0K+qZ9tkUgNQOLZ5Ym9Q
LcqYgokfISbLEfit7V4fp9lXz75ZU7HYsaDnsOKKH/EI0v3F1xzHQUG2LMNywlBj
8XQQi/XDORw=
=iuNs
-----END PGP SIGNATURE-----

--=-RvFmJl5eUaAjiXBPw3Ib--