Don't know if it helps, but this specific problem can be solved by replacing strtok with strtok_r. Just to make sure I don't get reminded that a patch is better than an email, you can take a look at patch 1040330 ;-)
As mentioned in the patch record, possibly some platforms might not have an strtok_r defined, however coding strtok_r is rather trivial. Hope this helps, -- Geert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael J. Slifcak Sent: Tuesday, October 05, 2004 1:24 AM To: [EMAIL PROTECTED] Cc: Thomas Anders Subject: Re: snmptrapd 5.1.2 read_configs buffer overflow? Robert Story (Coders) wrote: > On Mon, 04 Oct 2004 21:47:37 +0200 Thomas wrote: > TA> Robert Story (Coders) wrote: > TA> > On Mon, 04 Oct 2004 14:50:22 +0200 Thomas wrote: > TA> > TA> Can we possibly get rid of strtok(), at least in > TA> > TA> read_configs()? > TA> > > TA> > To mangle a well-know quote: Patches speak louder than emails. > TA> > ;-) > TA> > TA> Sure, but the wide-spread usage of strtok in the source base > TA> didn't feel like a consensus to get rid of it. ;) > > Well, I didn't intend to get rid of it everywhere. But if it's the > source of a bug, and you have a fix that eliminates the use of > strtok... > > > TA> And, even then, what commonly available function shall it be > TA> replaced with (at least in read_configs())? It probably doesn't > TA> justify introducing a dependency on GLib, although their string > TA> functions are quite convenient. > > I think any new dependencies would looked upon unfavorably. > > > TA> OTOH, may the one that introduced the usage of strtok in > TA> read_configs come up with an easier fix for this particular > TA> problem? > > In that case, your best bet is to submit a bug report, and then cross > your fingers. [but don't hold your breath! ;-) ] > Please continue to breathe. strtok() is one function that would be very nice to use LESS. It in fact is in a list of functions seen in the oldest open bug report. Please don't bump the bug report count. Please. So think good thoughts, write clean patches, live free, etc. [Kind of a Garrison Keillor brush-off, yea ?] ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Net-snmp-coders mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Net-snmp-coders mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
