Re: [PHP-DEV] PHP audit project

2002-03-12 Thread Marcus Börger
In addition to Zeev, Hey guys where is your problem if someone wants to infect php code with functions that increase stability of code? The last days I spent much work to get ext/exif working and many problems came from misuse of strxxx functions. Changing to functions like strlcpy makes the co

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Andi Gutmans
And as long as you don't use strncpy() Just kidding :) Andi At 15:31 11/03/2002 +0200, Zeev Suraski wrote: >Frank, > >Don't be discouraged by the feedback here. Your efforts are well >appreciated! You can choose to use whichever functions you deem best, as >long as you're the one doing the

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Andi Gutmans
At 13:21 11/03/2002 +0100, Stefan Esser wrote: >Hi, > >strlcpy and strlcat are inventions of the OpenBSD project. Since they >invented >those they are trying to "infect" other projects. I added them to PHP a long time ago and I have nothing to do with the OpenBSD project. They are extremely usef

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Zeev Suraski
Frank, Don't be discouraged by the feedback here. Your efforts are well appreciated! You can choose to use whichever functions you deem best, as long as you're the one doing the work :) Zeev At 02:23 PM 3/11/2002, Jedi/Sector One wrote: >On Mon, Mar 11, 2002 at 01:21:02PM +0100, Stefan Esse

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Jedi/Sector One
On Mon, Mar 11, 2002 at 01:43:40PM +0100, Stefan Esser wrote: > Sorry, my fault. I have overseen that. I just wanted to clarify what > strlcat and strlcpy are. strlcpy and strlcat are quick and dirty band aids against buffer overflows. They suck because if a string is truncated, other bad thin

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Stefan Esser
Hi, > PHP is already infected. Sorry, my fault. I have overseen that. I just wanted to clarify what strlcat and strlcpy are. I dislike OpenBSD because of several reasons but this list is not the right place to discuss anything like this. > But that's ok. If you don't want us to work on PHP,

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Jedi/Sector One
On Mon, Mar 11, 2002 at 01:21:02PM +0100, Stefan Esser wrote: > strlcpy and strlcat are inventions of the OpenBSD project. Since they > invented > those they are trying to "infect" other projects. PHP is already infected. Try to grep for strlcpy and strlcat in the _vanilla_ PHP source code

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Stefan Esser
Hi, strlcpy and strlcat are inventions of the OpenBSD project. Since they invented those they are trying to "infect" other projects. Stefan

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread Jedi/Sector One
On Mon, Mar 11, 2002 at 01:17:07PM +0100, [EMAIL PROTECTED] wrote: > > Are the strlcpy and strlcat functions (used in the patches) available on > > Linux? > [derick@kossu derick]$ man strlcpy > No manual entry for strlcpy > [derick@kossu derick]$ man strlcat > No manual entry for strlcat PHP de

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread derick
On Mon, 11 Mar 2002, David Eriksson wrote: > On Mon, 11 Mar 2002, Jedi/Sector One wrote: > > > The goal is to help the PHP development, not to keep the patches > > separate, only for OpenBSD. There are some OpenBSD enhancements, but they > > are all surrounded with #ifdef __OpenBSD__ . We do

Re: [PHP-DEV] PHP audit project

2002-03-11 Thread David Eriksson
On Mon, 11 Mar 2002, Jedi/Sector One wrote: > The goal is to help the PHP development, not to keep the patches > separate, only for OpenBSD. There are some OpenBSD enhancements, but they > are all surrounded with #ifdef __OpenBSD__ . We don't want to break > portability, nor to release someth

[PHP-DEV] PHP audit project

2002-03-11 Thread Jedi/Sector One
Hello. This is Frank from the PHP audit project. Here are some clarifications. We are working on PHP 4.1.2 because we want to quickly release a patch with basic hardening. Because of the recent vulnerabilities discovered by Stefan, chances are that a lot of kiddies are also