Re: Termcap use...

On Feb 02, 1997 at 08:09:57AM, Warner Losh wrote:
> In message <Mutt.19970219140128.xaa@alterego.stack.nl> Mark Huizer writes:

I've looked through it fairly briefly, if only to become more familiar with getcap(3), on which termcap is based.

getcap() does internal allocation of its own buffers, so it isn't subject to buffer overflows itself (in principle - I haven't actually verified that, which I expect will be done during this audit). Termcap uses getcap() (since it is a more generic form), but does some things for backwards compatibility such as truncating capability tags to two characters (ugh) and prevents any more than TBUFSIZ (#defined as 1024 at the top of lib/libtermcap/termcap.c) from being copied into user space. So, assuming that everyone uses 1024 byte buffers - which is common and a documented limit besides - it is a non-problem. A termcap capability record exceeding that size can't be returned.

Of course, this very much limits the usability of termcap for very complex emulations, but that's the price of compatility. getcap(3) doesn't look too bad an interface in comparison and does not suffer the same problen, but of course it is BSD 4.? specific. getcap(3) can be used to access those same records of just about any size.

Regards,

David Nugent - Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn(at)freebsd.org davidn(at)blaze.net.au http://www.blaze.net.au/~davidn/ Received on Thu Feb 20 07:09:00 1997