Nmap Development mailing list archives

Re: [PATCH] Cut down buffer size in ftp_anon_connect()


From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 08 Mar 2006 01:55:41 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Kris Katterjohn wrote:
> The attached patch cuts down the size of the 'command' buffer in
> ftp_anon_connect() from 512 to 270. ftp->user can hold 64 bytes and ftp->pass
> can hold 256, so 270 will hold "PASS [ftp->pass]\r\n" with a few extra bytes
> in there. It also uses sizeof in snprintf() instead of just a number.
>
> Thanks,
> Kris Katterjohn

I have two potential concerns about this patch.  First of all, I'd
recommend applying it with parentheses around sizeof expressions, as in:

    sizeof(command) - 1

rather than:

    sizeof command - 1

Most compilers are tolerant of both forms, but I'm more used to seeing
the latter, and it is (IMO) cleaner.

Further, in looking at your choice of buffer size, I'm wondering why 270
instead of 264?

PASS [256 chars]\r\n\0

is exactly 256+8 = 264.  Choosing 264 also makes the buffer eight-byte
aligned, which may save a few bytes of stack space (in addition to the
six-byte slack) or make the binary a (microscopic) hair faster by
avoiding alignment issues.

- --
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."

                                -- Michael Holstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB5444D38

iD8DBQFEDo39fp4vUrVETTgRAy7qAJ9Cq8ttBjdHcpej7R/7M+xCoB7nNACdH8ZO
1XCrkzvOnhsqB4WcRDhHK+4=
=Amtj
-----END PGP SIGNATURE-----
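
The sizing argument in the message above, as an added example that is not part of the original post or of Nmap's source: it derives the 264-byte bound from the field size instead of a literal and checks snprintf()'s return value for truncation. The struct, macro and function names are hypothetical; only the 64- and 256-byte field sizes come from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the FTP state in the thread; only the field
 * sizes (64 and 256 bytes) are taken from the message. */
struct ftp_creds {
    char user[64];
    char pass[256];
};

/* "PASS " + up to 256 password bytes + "\r\n" + NUL, derived from the
 * field size so it tracks any later change to the struct. */
#define PASS_CMD_MAX \
    (sizeof("PASS ") - 1 + sizeof(((struct ftp_creds *)0)->pass) + sizeof("\r\n"))

/* Format the command; return its length, or -1 if it would be truncated.
 * The %.*s precision bounds the read when pass has no NUL terminator. */
int build_pass_cmd(char *out, size_t outlen, const char *pass, size_t passlen)
{
    int n = snprintf(out, outlen, "PASS %.*s\r\n", (int)passlen, pass);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Constructed worst case: all 256 password bytes in use, no terminator. */
int worst_case(size_t buflen)
{
    struct ftp_creds c;
    char command[512];

    if (buflen > sizeof(command))
        return -1;
    memset(&c, 0, sizeof(c));
    memset(c.pass, 'A', sizeof(c.pass));
    return build_pass_cmd(command, buflen, c.pass, sizeof(c.pass));
}

int main(void)
{
    printf("required: %zu\n", (size_t)PASS_CMD_MAX);
    printf("264-byte buffer: %d\n", worst_case(264));
    printf("263-byte buffer: %d\n", worst_case(263));
    return 0;
}
```

A buffer one byte short of the bound is reported as an error rather than silently sending a truncated command.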

