Nmap Development: Re: [PATCH] NSE - escaping attribute content

Re: [PATCH] NSE - escaping attribute content

From: Brandon Enright <bmenrigh_at_ucsd.edu>
Date: Tue, 1 May 2007 19:46:05 +0000

On Tue, 1 May 2007 21:23:54 +0200 plus or minus some time Stoiko Ivanov
<stoiko_at_xover.htu.tuwien.ac.at> wrote:

> Hi,
>
> My name is Stoiko Ivanov - I'm one of the lucky people who got accepted
> in this year's Google Summer of Code (and I'm looking forward to working on
> Nmap). I'll be enhancing the NSE during this summer and (hopefully) will
> add some new features to make script-writing easier and even more
> powerful.
>

Welcome. It's great having you guys.

>
...snip...
>
> I hope my patch fixes the problem (at least it does in the case described
> in the bug-report)

It does; however, it also introduces a memory leak. xml_convert() mallocs
memory that needs to be freed.

>
> I would be grateful for any comment on the patch, since it's my first one
> (especially if I've forgotten something, or made anything wrong).
>

I'm by no means a big contributor to Nmap but here is the line of
questioning I go through on my small patches. I think the more talented
C/C++ developers on this list are able to make all these decisions in one
pass through the code; I cannot:

* Were there any theoretical or real memory leaks or security
vulnerabilities in the code before I changed anything?

* Does the addition or changes to the code cause any vulnerability or
memory leak?

* Are there any potential interactions or loose ends in the new or modified
code that could interfere with any other part of the program?

Functions with side effects like xml_convert() could probably use a short
comment above them reminding would-be hackers to watch out.

> cheers
> stoiko
>

Respectfully,

Brandon

-- 
Brandon Enright
Network Security Analyst
UCSD ACS/Network Operations
bmenrigh_at_ucsd.edu

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on May 01 2007
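
An added example, not part of the original message or of Nmap's code: the ownership issue raised in the reply above, where an escaping helper returns malloc()ed memory that the caller must free. The names `escape_attr` and `write_attr` are hypothetical stand-ins for a helper like xml_convert() and its caller, and the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an escaping helper such as xml_convert().
 * SIDE EFFECT: returns a newly malloc()ed string; the caller owns it and
 * must free() it. Returns NULL if the allocation fails. */
char *escape_attr(const char *s) {
    /* Worst case: every byte expands to a 6-byte entity (&quot; / &apos;). */
    char *out = malloc(strlen(s) * 6 + 1);
    char *p = out;
    if (out == NULL) return NULL;
    for (; *s; s++) {
        const char *rep = NULL;
        switch (*s) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&apos;"; break;
        }
        if (rep) { size_t l = strlen(rep); memcpy(p, rep, l); p += l; }
        else *p++ = *s;
    }
    *p = '\0';
    return out;
}

/* Leaky pattern (pointer is lost, so the buffer can never be freed):
 *     snprintf(buf, len, "%s=\"%s\"", name, escape_attr(raw));
 * Fixed pattern: keep the pointer, use it, then release it. */
int write_attr(char *buf, size_t len, const char *name, const char *raw) {
    char *esc = escape_attr(raw);
    int n;
    if (esc == NULL) return -1;
    n = snprintf(buf, len, "%s=\"%s\"", name, esc);
    free(esc); /* without this, every call leaks one allocation */
    return (n < 0 || (size_t)n >= len) ? -1 : n; /* -1 on truncation */
}

int main(void) {
    char buf[128];
    /* Constructed sample input containing quotes and markup characters. */
    if (write_attr(buf, sizeof buf, "output", "a \"quoted\" <tag> & more") > 0)
        puts(buf);
    return 0;
}
```

Running a build of this under a leak checker such as valgrind or AddressSanitizer with the `free(esc)` line removed reports one lost allocation per call, which is the kind of regression the reply asks patch authors to look for.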