i plan to release 0.8.6 soon, i don't plan to change the makefiles for
this release. maybe for 0.9
On 09/10/11 12:06, Glyn Kennington wrote:
Hi,
Still digging through the Makefiles to confirm how building currently works
before I try to rearrange it. I'll reply to that bit when I have more ideas.
But...
ok
pancake wrote:
I have finally decided to import file(1) from openbsd. I have refactored the
code and now it's 6000 LOC instead of 8000. Quite acceptable.
Now libmagic dependency has been removed.
A couple of problems with this version:
* The types for file_signextend() differ between apprentice.c and file.h .
it's the same. but one is using the typedef name and the other
This only causes an error on my x86_64 system, and the fix is trivial.
* strlcpy and strlcat aren't in glibc.
fixed. the function that calls strlcpy/strlcat is main() which is never
called because it's in a library. so i have just removed it.
This seems to be a common complaint for people porting to linux - I see no
fewer than 9 reimplementations of strlcpy in my /usr/include dir from other
libraries that have needed it.
in BSD you can find a lot of GNU extensions reimplemented in many projects
(dprintf and so on). that's the problem of following POSIX specs which
have many weirdnesses that can't be fixed because of backward compatibility.
it's like the meaning of 'n' in strncpy vs snprintf.
Options are presumably to add one into magic/ inside some #ifdefs, or to
rewrite those bits of code so they're safe with strncpy/strncat.
or just to replace them using strncpy/strncat..
well in fact here's another overflow here :) they are using strlcat with
len = sizeof(home+sizeof(magic).... home is char*, so sizeof is broken
returning a wrong size here.. and strcat 'n' means the max number of
chars to be copied. not the size of the buffer..
i have seen this error in much software developed nowadays.. grep for
strncat in the sources of many programs and you'll find exploits for free.
The thing is that the function that calls strlcat/strlcpy is main()
which i'm not using.
i'll commit this stuff later with more changes.
--pancake
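
The two mistakes described in the message above (taking sizeof of a char* and passing the buffer size as strncat's n), next to a bounded version. This is an added example, not code from radare or from OpenBSD file(1); the helper names `sizeof_via_pointer`, `strncat_room`, `join_path` and the sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* sizeof on a char* yields the pointer width, never the string or buffer size. */
static size_t sizeof_via_pointer(const char *home) {
    return sizeof(home);
}

/* strncat's n is the maximum number of characters to append (a NUL is then
 * written after them), so the correct bound is the space still free in dst. */
static size_t strncat_room(const char *dst, size_t dstsz) {
    size_t used = strlen(dst);
    return used + 1 <= dstsz ? dstsz - used - 1 : 0;
}

/* Hypothetical helper: build "<home><suffix>" in dst and refuse to truncate.
 * Returns 0 on success, -1 if the result would not fit in dstsz bytes. */
static int join_path(char *dst, size_t dstsz, const char *home, const char *suffix) {
    if (dstsz == 0 || strlen(home) + strlen(suffix) + 1 > dstsz)
        return -1;
    dst[0] = '\0';
    strncat(dst, home, strncat_room(dst, dstsz));
    strncat(dst, suffix, strncat_room(dst, dstsz));
    return 0;
}

int main(void) {
    const char *home = "/home/user";   /* constructed sample values */
    const char *suffix = "/.magic";
    char small[16] = "/home/user";
    char big[32];

    printf("sizeof(char *) seen through the pointer: %zu (string is %zu chars)\n",
           sizeof_via_pointer(home), strlen(home));
    /* Passing sizeof(small) as n would allow 16 more chars plus a NUL to be
     * appended to a buffer that only has 5 bytes of payload space left. */
    printf("n if buffer size is passed: %zu, n that is actually safe: %zu\n",
           sizeof(small), strncat_room(small, sizeof(small)));
    printf("join into 16 bytes: %d\n", join_path(small, sizeof(small), home, suffix));
    if (join_path(big, sizeof(big), home, suffix) == 0)
        printf("join into 32 bytes: %s\n", big);
    return 0;
}
```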