[ciphershed] Re: Finished review of rebranding patch

• From: Jason Pyeron <jpyeron@xxxxxxxx>
• To: "'ciphershed@xxxxxxxxxxxxx'" <ciphershed@xxxxxxxxxxxxx>
• Date: Mon, 30 Jun 2014 19:47:22 -0400

Mobile, pardon the top post.

I am going to whip up a patch to to use snprintf. See below.

-Jason

The functions snprintf() and vsnprintf() write at most size bytes (including
the terminating null byte ('\0')) to str.

The functions vprintf(), vfprintf(), vsprintf(), vsnprintf() are equivalent
to the functions printf(), fprintf(), sprintf(), snprintf(), respectively,
except that they are called with a va_list instead of a variable number of
arguments. These functions do not call the va_end macro. Because they invoke
the va_arg macro, the value of ap is undefined after the call. See
stdarg(3).

These eight functions write the output under the control of a format string
that specifies how subsequent arguments (or arguments accessed via the
variable-length argument facilities of stdarg(3)) are converted for output.

C99 and POSIX.1-2001 specify that the results are undefined if a call to
sprintf(), snprintf(), vsprintf(), or vsnprintf() would cause copying to
take place between objects that overlap (e.g., if the target string array
and one of the supplied input arguments refer to the same buffer). See
NOTES.

Return value

Upon successful return, these functions return the number of characters
printed (excluding the null byte used to end output to strings).
The functions snprintf() and vsnprintf() do not write more than size bytes
(including the terminating null byte ('\0')). If the output was truncated
due to this limit then the return value is the number of characters
(excluding the terminating null byte) which would have been written to the
final string if enough space had been available. Thus, a return value of
size or more means that the output was truncated. (See also below under
NOTES.)

If an output error is encountered, a negative value is returned.

----- Original Message -----
From: Jason Pyeron <jpyeron@xxxxxxxx>
To: ciphershed@xxxxxxxxxxxxx <ciphershed@xxxxxxxxxxxxx>
Sent: Mon Jun 30 13:36:49 2014
Subject: [ciphershed] Re: Finished review of rebranding patch




> -----Original Message-----
> From: ciphershed-bounce@xxxxxxxxxxxxx 
> [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Cox
> Sent: Monday, June 30, 2014 10:09
> To: ciphershed@xxxxxxxxxxxxx
> Subject: [ciphershed] Finished review of rebranding patch
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I got time yesterday on the plane to finish reviewing the patch.  I
> cannot promise it did not introduce any bugs, but I did not find any.
>  I took some notes on the code where there were changes:
> 
> All the sprintf code in Mount/Mount.c scares me.  Windows setup code
> also has scary fixed length arrays for paths.  1024 is hardcoded.
> We've added 1 to the path length, which in theory could cause someone
> out there to have a buffer overflow or path truncation where before it
> worked.  I think we just live with it for now.

I will look at that file Tuesday.

> 
> I see checks for Windows 2000, which I doubt we will test.  Can we
> claim to support OS versions we don't test?

I can set up some win2k systems for testing.

> 
> I am willing to sign that I have reviewed and trust this patch.  I saw
> nothing resembling code for a new back-door.  The git commit # I
> reviewed is:
> 
> 1ca13ed2271d60ba93d40bcc8db17ced8545f172

Can you check(verify) 258e0a237cb69aaa587b0a4fb528bb0316b1b776 ?

You can find it at
https://github.com/pdinc-oss/CipherShed/tree/master-merge-and-cherrypick-fro
m-sr
guglielmo

There should be no differences (except the PKCS11 merge on master already),
it
is a git metadata clean up.

pyeron@black /tmp
$ diff -u foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Boot and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Boot
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Build
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Build
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Common
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Common
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Core and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Core
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Crypto
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Crypto
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Driver
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Driver
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Format
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Format
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Main and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Main
diff -u foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Makefile
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Makefile
--- foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Makefile       2014-06-30
13:32:30.182790800 -0400
+++ foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Makefile       2014-06-30
13:24:28.183449500 -0400
@@ -37,7 +37,7 @@

 export CFLAGS := -Wall
 export CXXFLAGS := -Wall -Wno-unused-parameter
-C_CXX_FLAGS := -MMD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-D_LARGE_FILES
-I$(BASE_DIR) -I$(BASE_DIR)/Crypto
+C_CXX_FLAGS := -MMD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-D_LARGE_FILES
-I$(BASE_DIR) -I$(BASE_DIR)/Crypto -I$(BASE_DIR)/Pkcs11
 export ASFLAGS := -Ox -D __GNUC__
 export LFLAGS :=

Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Mount
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Mount
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Pkcs11
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Pkcs11
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Platform
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Platform
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Release
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Release
Common subdirectories:
foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Resources
and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Resources
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Setup
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Setup
Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Volume
and
foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Volume

Thanks, 

Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 

Other related posts:

• » [ciphershed] Finished review of rebranding patch- Bill Cox
• » [ciphershed] Re: Finished review of rebranding patch- Jason Pyeron
• » [ciphershed] Re: Finished review of rebranding patch - Jason Pyeron
• » [ciphershed] Re: Finished review of rebranding patch- Jason Pyeron
• » [ciphershed] Re: Finished review of rebranding patch- Bill Cox

1. Home
2. ciphershed
3. Archive
4. 06-2014

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---