Thanks again for this work.

May I ask one question on the coding feedback I received?  With regard to
this comment:

> +static int hso_connect()
> +{
> +       int index=-1;
> +        struct connman_ipaddress *ipaddress = NULL;
> +        struct in_addr local_gateway_addr;
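
Review bot: "static int hso_connect()" leaves the parameter list unspecified in C, so a call that passes arguments would still compile; declare it as "static int hso_connect(void)". On the "int index=-1;" line, put spaces around "=" and indent it the same way as the two declarations that follow.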

> And I don't like if you initialize variables. That is a bad habit to
> hide actual errors.

I would like to understand your concern about hiding actual errors.  There
are plenty of secure coding books, conference papers, various coding
security departments from companies like Microsoft and Intel, etc., out
there that give case after case examples why it is good to initialize
variables before using them. Now, what probably could be done is to
default a variable to a failure value and write code to only set the
correct value on the happy path case, which usually helps debug code on
getting the correct code flow right.  And for wrong paths, variables that
are initialized before use typically have the error value stored in them
(if written right) before code bombs out. If the code fails before the
variable is used then one at least knows the code fails before the
variable got used.  This winds up being good for debugging because there
is always a predictable, consistent value in the variable instead of some
junk number that will change every time the code is run.

I'll fix this issue.  It isn't a big deal to me, especially because I am
not the original author of this code.  But I want to understand this point
better because it goes against what I have read on good secure SW coding
practices, and I just want to hear this perspective better because I want
to be a better programmer.

Thanks,
Jay
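
The pattern discussed in the message above (default a variable to a failure value, assign the real value only on the success path), as an added example that is not part of the original post or of the connman code. `INDEX_UNSET`, `lookup_index`, `connect_by_name` and the interface table are hypothetical names and constructed sample data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define INDEX_UNSET (-1)	/* failure sentinel, never a valid index */

struct iface { const char *name; int index; };

/* Constructed sample table standing in for the system's interface list. */
static const struct iface sample_ifaces[] = {
	{ "lo", 1 }, { "eth0", 2 }, { "hso0", 7 },
};

/* *out starts at the sentinel and is overwritten only on success, so
 * every error return leaves the same predictable value behind. */
static int lookup_index(const char *name, int *out)
{
	size_t i;

	*out = INDEX_UNSET;
	if (name == NULL || name[0] == '\0')
		return -EINVAL;
	for (i = 0; i < sizeof(sample_ifaces) / sizeof(sample_ifaces[0]); i++) {
		if (strcmp(sample_ifaces[i].name, name) == 0) {
			*out = sample_ifaces[i].index;
			return 0;
		}
	}
	return -ENODEV;
}

/* Use site: the sentinel is checked explicitly before the value is used. */
static int connect_by_name(const char *name)
{
	int index = INDEX_UNSET;
	int err = lookup_index(name, &index);

	if (err < 0)
		return err;
	if (index == INDEX_UNSET)	/* a success path forgot to assign */
		return -EFAULT;
	return index;			/* stand-in for the real connect step */
}

int main(void)
{
	printf("%d %d\n", connect_by_name("hso0"), connect_by_name("missing"));
	return 0;
}
```

Once a variable is initialized, the compiler's uninitialized-use warnings can no longer flag a path that forgets to assign it, so the explicit sentinel check at the use site is what takes over that job.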

