
Notes by Thomas Hurst

 Security fixes for Exim are out. Here's one for an out-of-bounds write in its external authenticator code:

-  auth_vars[expand_nmax] = s;
+  auth_vars[expand_nmax = 1] = s;
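
Review bot: on the `+` line the reset `expand_nmax = 1` is buried inside the subscript of `auth_vars[...]`, so a change to the counter reads like a plain index and is easy to miss or undo in a later edit. Split it into two statements, `expand_nmax = 1;` followed by `auth_vars[expand_nmax] = s;`, with a comment saying why the count is reset at this point. The hunk also shows no check of the index against the size of `auth_vars`; an assertion on that bound next to the store would make the invariant explicit.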

Which certainly doesn't look like an error-prone way of resetting how many numbered strings you've expanded.

Incidentally, two of these three variables are globals. That's not particularly surprising since Exim has well over 700 of them.

Anyway, I'm sure nothing like this will happen again now these are fixed. 
 nostr:npub1w6g6ttau48yjdwg6sx59wsq7h8dglre7p75z25kl5qhx5cy9xssqmx9dhl Yep. It's on my list to fix... 
 @de22920b I'm not too familiar with SQLite. Let's see.

`INSERT INTO kv_store (project, key, value, time) VALUES (?, ?, ?, datetime()) ON CONFLICT (project,key) DO UPDATE SET value=value+?,time=datetime() RETURNING VALUE`

With a unique index on `(project, key)` 
 @de22920b Cute!

Looks like your addValue is non-atomic, selecting a value and then inserting(?) a new one based on it - it'll race with other calls. 
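
The race and the single-statement upsert from the two replies above, as an added example that is not code from the posts: a select-then-insert add loses an increment when two clients interleave, while the `ON CONFLICT` statement does not. It assumes Python's `sqlite3` built against SQLite 3.35 or later (for `RETURNING`); the column types, index name, helper names and the `demo`/`hits` sample key are constructed, and the racy helpers stand in for the `addValue` whose code is not on the page.

```python
import os
import sqlite3
import tempfile

# Table layout is assumed; the posts only name the columns and the unique index.
SCHEMA = """
CREATE TABLE kv_store (project TEXT, key TEXT, value INTEGER, time TEXT);
CREATE UNIQUE INDEX kv_project_key ON kv_store (project, key);
"""
# The statement from the post: insert-or-increment in one atomic step.
UPSERT = """
INSERT INTO kv_store (project, key, value, time) VALUES (?, ?, ?, datetime())
ON CONFLICT (project, key) DO UPDATE SET value = value + ?, time = datetime()
RETURNING value
"""

def open_pair():
    """Two autocommit connections to one database file, standing in for two clients."""
    path = os.path.join(tempfile.mkdtemp(), "kv.db")
    a = sqlite3.connect(path, isolation_level=None)
    b = sqlite3.connect(path, isolation_level=None)
    a.executescript(SCHEMA)
    return a, b

def read(conn, project, key):
    rows = conn.execute("SELECT value FROM kv_store WHERE project = ? AND key = ?",
                        (project, key)).fetchall()
    return rows[0][0] if rows else 0

def write(conn, project, key, value):
    conn.execute("INSERT OR REPLACE INTO kv_store (project, key, value, time) "
                 "VALUES (?, ?, ?, datetime())", (project, key, value))

def racy_interleaving():
    """Hypothetical select-then-insert add: both clients read before either writes."""
    a, b = open_pair()
    seen_a, seen_b = read(a, "demo", "hits"), read(b, "demo", "hits")
    write(a, "demo", "hits", seen_a + 1)
    write(b, "demo", "hits", seen_b + 1)  # overwrites a's increment
    return read(a, "demo", "hits")

def atomic_add(conn, project, key, delta):
    # fetchall() runs the statement to completion so the write commits.
    return conn.execute(UPSERT, (project, key, delta, delta)).fetchall()[0][0]

def atomic_interleaving():
    a, b = open_pair()
    return atomic_add(a, "demo", "hits", 1), atomic_add(b, "demo", "hits", 1)
```

Two increments through the racy path leave the counter at 1; the same two through the upsert return 1 and then 2.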
 nostr:npub1t7dmr2xue8zaxsxhy2xkdja0nx6f8cu8y8l7hfksw98y773djkgquzpqpp nostr:npub1pcd4zcqqvnaqfpz5... 
 @7e6185e6 @5f9bb1a8 @0e1b5160 I run zsh off my ~/.profile with a short exit delay.  If it breaks I just have to ^C and I'm dropped to a sh prompt.