bug-bash

Re: hashlib.c add NULL check for "string" parameter


From: Notes Jonny
Subject: Re: hashlib.c add NULL check for "string" parameter
Date: Tue, 30 Sep 2014 13:07:57 +0100

On Mon, Sep 29, 2014 at 2:04 PM, Chet Ramey <chet.ramey@case.edu> wrote:
> On 9/29/14, 8:22 AM, Notes Jonny wrote:
>> Hello
>> I noticed hash_search() did not check if "string" parameter was
>> non-NULL. Please find attached a patch for this.
>
> It's the caller's responsibility to ensure that the string passed to
> hash_search is non-NULL.

What's your rationale for that?

CERT EXP34-C "Do not dereference null pointers" is pretty clear, with examples:

https://www.securecoding.cert.org/confluence/display/seccode/EXP34-C.+Do+not+dereference+null+pointers

In software development we always verify parameters are within
expected bounds. There is ISO/IEC TR 24772 covering this topic amongst
others.

Regards, Jonny
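
The callee-side check argued for in the message above, as an added example that is not part of the original e-mail or of bash's hashlib.c: a small chained hash table whose search function rejects a NULL key before hashing it. The names `demo_search`, `demo_insert`, `struct table` and `struct entry` are hypothetical, and the FNV-1a hash is chosen for the example only.

```c
#include <stddef.h>
#include <string.h>

#define NBUCKETS 8

/* Hypothetical chained hash table; not bash's HASH_TABLE. */
struct entry { const char *key; int value; struct entry *next; };
struct table { struct entry *buckets[NBUCKETS]; };

/* Dereferences every byte of s, so s must be non-NULL here. */
static unsigned hash_string(const char *s)
{
    unsigned h = 2166136261u;               /* FNV-1a */
    while (*s) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Callee-side validation in the spirit of EXP34-C: reject NULL
   arguments before any dereference and report "not found". */
struct entry *demo_search(const struct table *t, const char *string)
{
    if (t == NULL || string == NULL)
        return NULL;
    struct entry *e = t->buckets[hash_string(string) % NBUCKETS];
    for (; e != NULL; e = e->next)
        if (strcmp(e->key, string) == 0)
            return e;
    return NULL;
}

/* Links a caller-owned entry into the table; returns 0 on success,
   -1 if any argument (or the entry's key) is NULL. */
int demo_insert(struct table *t, struct entry *e)
{
    if (t == NULL || e == NULL || e->key == NULL)
        return -1;
    unsigned i = hash_string(e->key) % NBUCKETS;
    e->next = t->buckets[i];
    t->buckets[i] = e;
    return 0;
}

int main(void)
{
    struct table t = {{0}};
    struct entry e = { "PATH", 1, NULL };   /* constructed sample data */
    demo_insert(&t, &e);
    return demo_search(&t, NULL) == NULL ? 0 : 1;
}
```

Returning NULL for a NULL argument makes a caller bug indistinguishable from a missing key; an `assert` in debug builds is one way to keep the contract visible.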


