Vulnerability Development mailing list archives

netstrings example vulnerable


From: Timo Sirainen <tss () iki fi>
Date: 28 May 2003 04:03:58 +0300

http://cr.yp.to/proto/netstrings.txt

I didn't find any real code that actually did it like in the example,
but I think it's worth mentioning since that page still gets referenced
once in a while. I just noticed it in some recent O'Reilly article about
safe string handling.

It's been there for over 6 years unnoticed, so rather than just telling
you what's wrong, I think it would make a pretty interesting
vulndev-challenge. Much harder than the previous ones anyway :)

So, here's the code, just assume sane variables etc. (and no, the
problem isn't that you can allocate a gigabyte of memory):

      if (scanf("%9lu",&len) < 1) barf();  /* >999999999 bytes is bad */
      if (getchar() != ':') barf();
      buf = malloc(len + 1);       /* malloc(0) is not portable */
      if (!buf) barf();
      if (fread(buf,1,len,stdin) < len) barf();
      if (getchar() != ',') barf();

So not all code djb has ever written is secure :)

Oh, and djb knows about this now, didn't say if he's going to bother
updating the page.
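The example reads its length with scanf("%9lu"), which follows strtoul rules and so silently accepts leading whitespace and a sign, neither of which the netstring format allows. Below is a hardened decoder, added here as an example (not code from the original post or from djb's page), that parses the length as plain ASCII digits, applies the spec's rules on leading zeros and the 9-digit bound, and checks that the payload and trailing ',' are present before allocating; the function, enum and constant names are my own.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Result codes for ns_decode (names are this example's own). */
enum ns_status { NS_OK = 0, NS_BAD_FORMAT = -1, NS_TOO_LONG = -2,
                 NS_NO_MEMORY = -3, NS_TRUNCATED = -4 };

/* Decode one netstring "<len>:<payload>," from the first n bytes of in.
 * On NS_OK, *out is a malloc'd, NUL-terminated copy of the payload,
 * *outlen its length and *consumed the number of input bytes used. */
int ns_decode(const unsigned char *in, size_t n,
              char **out, size_t *outlen, size_t *consumed)
{
    size_t i = 0, len = 0, ndigits = 0;

    /* Length: ASCII digits only. No whitespace, no sign, and at most
       9 digits, so len <= 999999999 and len + 1 can never wrap. */
    while (i < n && in[i] >= '0' && in[i] <= '9') {
        if (++ndigits > 9) return NS_TOO_LONG;
        len = len * 10 + (size_t)(in[i] - '0');
        i++;
    }
    if (ndigits == 0) return NS_BAD_FORMAT;
    /* Spec: extra leading zeros are prohibited; "0" only for empty. */
    if (ndigits > 1 && in[0] == '0') return NS_BAD_FORMAT;
    if (i >= n || in[i] != ':') return NS_BAD_FORMAT;
    i++;

    /* Verify payload and trailing ',' exist before allocating anything. */
    if (n - i < len + 1) return NS_TRUNCATED;
    if (in[i + len] != ',') return NS_BAD_FORMAT;

    char *buf = malloc(len + 1);  /* len + 1 >= 1: never malloc(0) */
    if (!buf) return NS_NO_MEMORY;
    memcpy(buf, in + i, len);
    buf[len] = '\0';

    *out = buf;
    *outlen = len;
    *consumed = i + len + 1;
    return NS_OK;
}
```

The inputs in the test are constructed; a caller reading from a socket or stdin would buffer bytes and retry on NS_TRUNCATED rather than treating it as fatal.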