mailing list archives
Re: [PATCH] Cut down buffer size in ftp_anon_connect()
From: Matthew Murphy <mattmurphy () kc rr com>
Date: Wed, 08 Mar 2006 01:55:41 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Kris Katterjohn wrote:
The attached patch cuts down the size of the 'command' buffer in
ftp_anon-connect() from 512 to 270. ftp->user can hold 64 bytes and ftp->pass
can hold 256, so 270 will hold "PASS [ftp->pass]\r\n" with a few extra bytes
in there. It also uses sizeof in snprintf() instead of just a number.
I have two potential concerns about this patch. First of all, I'd
recommend applying it with parenthesis around sizeof expressions, as in:
sizeof(command) - 1
sizeof command - 1
Most compilers are tolerant of both forms, but I'm more used to seeing
the latter, and it is (IMO) cleaner.
Further, in looking at your choice of buffer size, I'm wondering why 270
instead of 264?
PASS [256 chars]\r\n\0
is exactly 256+8 = 264. Choosing 264 also makes the buffer eight-byte
aligned, which may save a few bytes of stack space (in addition to the
six byte slack) or make the binary a (microscopic) hair faster by
avoiding alignment issues.
"Social Darwinism: Try to make something idiot-proof,
nature will provide you with a better idiot."
-- Michael Holstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list