All of lore.kernel.org
 help / color / mirror / Atom feed
From: ebiederm@xmission.com (Eric W. Biederman)
To: Ben Hutchings <bhutchings@solarflare.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>,
	<netdev@vger.kernel.org>, "Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH for 3.8] iproute2: Add "ip netns pids" and "ip netns identify"
Date: Fri, 18 Jan 2013 10:49:52 -0800	[thread overview]
Message-ID: <87ehhiqqb3.fsf@xmission.com> (raw)
In-Reply-To: <1358517218.21229.6.camel@deadeye.wl.decadent.org.uk> (Ben Hutchings's message of "Fri, 18 Jan 2013 13:53:38 +0000")

Ben Hutchings <bhutchings@solarflare.com> writes:

> On Thu, 2013-01-17 at 17:27 -0800, Eric W. Biederman wrote:
>> Ben Hutchings <bhutchings@solarflare.com> writes:
>> 
>> > On Thu, 2013-01-17 at 16:23 -0800, Eric W. Biederman wrote:
>> >> Ben Hutchings <bhutchings@solarflare.com> writes:
>> >> 
>> >> > On Mon, 2012-11-26 at 17:16 -0600, Eric W. Biederman wrote:
>> > [...]
>> >> >> --- a/ip/ipnetns.c
>> >> >> +++ b/ip/ipnetns.c
>> > [...]
>> >> >> +static int is_pid(const char *str)
>> >> >> +{
>> >> >> +	int ch;
>> >> >> +	for (; (ch = *str); str++) {
>> >> >> +		if (!isdigit(ch))
>> >> >
>> >> > ch must be cast to unsigned char before passing to isdigit().
>> >> 
>> >> isdigit is defined to take an int.  A legacy of the implicit casts in
>> >> the K&R C days.  Casting to unsigned char would be pointless and silly.
>> > [...]
>> >
>> > It's not pointless.  This is explained in the very first line of the
>> > description in the manual page...
>> 
>> If it's not pointless it is an implementation bug.
>
> You can either get in your time machine and go back to 1978 and fix it,
> or add the cast like every C programmer who knows what the C standards
> say about these functions.

So I took a moment to look. The C standard is indeed does not say
anything about this and supporting signed char becomes a quality of
implementation issue.  glibc supports being passed signed character
values.

> Testing on one implementation doesn't prove anything.  'char' can be
> signed or unsigned depending on the architecture, and some C libraries
> work around buggy applications that .  That's no reason to write another
> buggy application.

This code by it's very nature is not portable.  The code is not suid
so insane level of paranoia don't need to be maintained.  The definition
in the C standard is a least common denominator requirement.  Posix
copies that least common denominator requirement.  Glibc does not
implment the least common denominator.

There is no advantage for an implemenation to implement only the least
common denominator of functionality in isdigit.  There is a huge
advantage for an implementation of the cypte functions on platforms with
signed char to have an array with 384 entries.  It is nearly humanly
impossible to remember you need to type isdigit((unsigned)string[n]),
not to mention how easy it is for casts to go wrong.

So no I do not consider programs that are not strictly conformant with
the C standard broken.  I consider implementations of isdigit that are
strictly conformat with the C standard to be canidadates for patches.
At this point I will happily add support to any ctype implemenation I
meet that has such a poor quality of implementation that you have to be
a language lawyer in top form to use isdigit properly.

Eric

  reply	other threads:[~2013-01-18 18:50 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-11-26 23:16 [PATCH for 3.8] iproute2: Add "ip netns pids" and "ip netns identify" Eric W. Biederman
2012-11-27 18:00 ` Ben Hutchings
2013-01-18  0:23   ` Eric W. Biederman
2013-01-18  1:00     ` Ben Hutchings
2013-01-18  1:27       ` Eric W. Biederman
2013-01-18  9:41         ` David Laight
2013-01-18 13:53         ` Ben Hutchings
2013-01-18 18:49           ` Eric W. Biederman [this message]
2013-01-21  9:52             ` David Laight
2013-01-18  0:44   ` [PATCH iproute-3.8 0/6] ip netns bug fixes and enhancements Eric W. Biederman
2013-01-18  0:45     ` [PATCH iproute2-3.8 1/6] iproute2: Don't propogate mounts out of ip Eric W. Biederman
2013-01-18  0:46     ` [PATCH iproute2-3.8 2/6] iproute2: Normalize return codes in "ip netns" Eric W. Biederman
2013-01-18  0:46     ` [PATCH iproute2-3.8 3/6] iproute2: Improve "ip netns add" failure error message Eric W. Biederman
2013-01-18  0:47     ` [PATCH iproute2-3.8 4/6] iproute2: Make "ip netns delete" more likely to succeed Eric W. Biederman
2013-01-18  0:47     ` [PATCH iproute2-3.8 5/6] iproute2: Fill in the ip-netns.8 manpage Eric W. Biederman
2013-01-18  0:48     ` [PATCH iproute2-3.8 6/6] iproute2: Add "ip netns pids" and "ip netns identify" Eric W. Biederman
2013-02-07  0:56     ` [PATCH iproute-3.8 0/6] ip netns bug fixes and enhancements Vijay Subramanian
2013-02-07  8:57       ` Eric W. Biederman
2013-02-07 18:17         ` Vijay Subramanian

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87ehhiqqb3.fsf@xmission.com \
    --to=ebiederm@xmission.com \
    --cc=bhutchings@solarflare.com \
    --cc=netdev@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=shemminger@vyatta.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.