[Gllug] Bad C code
John Edwards
john at cornerstonelinux.co.uk
Tue Jul 20 01:14:22 UTC 2010
On Mon, Jul 19, 2010 at 11:39:06PM +0100, Nix wrote:
<snip>
> system() with composed strings is Bad. Avoid avoid avoid. (In fact, more
> generally, system() is Bad in and of itself, and
> fork()/execvp()/waitpid() is easy enough that there's no excuse for
> using system() ever.)
If you ever want to see some really bad C code using system then look
at the Smoothwall firewall. They converted a whole bunch of shell
scripts to C using system() so that they could be run from CGI.
The installpackage.c in version 2.0 had this lovely gem:
--------
memset(command, 0, STRING_SIZE);
snprintf(command, STRING_SIZE - 1, "/bin/rm -rf /var/patches/%s", argv[1]);
system(command);
--------
To be fair by this point they had added some sanity checks:
--------
if (strspn(argv[1], NUMBERS) != strlen(argv[1]))
{
    fprintf(stderr, "Bad arg\n");
    exit(1);
}
--------
But these were the people who tried to rewrite the GPL to suit
themselves.
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
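
The fork()/execvp()/waitpid() pattern recommended in the quoted text, applied to the rm call from the post, as an added example (not Smoothwall's code and not part of the original message). The NUMBERS definition, the `base` parameter and the function names are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define NUMBERS "0123456789"   /* assumed; the post does not show it */

/* The post's strspn() check, plus rejection of empty and overlong names. */
static int valid_patch_id(const char *s)
{
    size_t n = strlen(s);
    return n > 0 && n <= 32 && strspn(s, NUMBERS) == n;
}

/* Run argv[0] with an explicit argument vector: no shell parses anything. */
static int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                /* reached only if exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Remove base/id; "base" is hypothetical (the post hard-codes /var/patches). */
static int remove_patch_dir(const char *base, const char *id)
{
    char path[4096];
    int n;
    if (!valid_patch_id(id)) return -1;
    n = snprintf(path, sizeof path, "%s/%s", base, id);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    char *const args[] = { "/bin/rm", "-rf", "--", path, NULL };
    return run_argv(args);
}

int main(int argc, char *argv[])
{
    if (argc == 2 && remove_patch_dir("/var/patches", argv[1]) == 0)
        return 0;
    fprintf(stderr, "Bad arg or rm failed\n");
    return 1;
}
```

Because the path travels as a single argv element, shell metacharacters in it are never interpreted; the digit check still matters to keep the path inside the intended directory.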