[ARCHIVED THREAD] - H1B developer code example... (Page 1 of 3)
Posted: 4/13/2017 11:20:28 PM EDT
memcpy(messagebuffer.IPv6addr, globalIPv6addr_from_UNCI, strlen(messagebuffer.IPv6addr) ); Freshmen college programmers: why is this code == pure DUMBASS SHIT? TL;DR: field issue I was asked to look at where device could connect IPv6 some of the time, very strange addresses refused other times. LOL. |
|
Quoted:
sooo......... Then would an American program this better? And we'd kick the motherfucker that forced us to use IPv6 in the teeth because they were probably the same fucks that were wasteful with IPv4 address space. |
|
Quoted:
An American would ask why we are copying, to Y, an amount of X equal to Y. And we'd kick the motherfucker that forced us to use IPv6 in the teeth because they were probably the same fucks that were wasteful with IPv4 address space. Quoted:
Quoted:
sooo......... Then would an American program this better? And we'd kick the motherfucker that forced us to use IPv6 in the teeth because they were probably the same fucks that were wasteful with IPv4 address space. The only thing to do with IPv6 is to turn it off ASAP before it screws everything up. Stupid idea from the same assholes that bought you Y2K. |
Hint 2: both source and destination are 16 byte arrays, and source globalIPv6addr_from_UNCI has the valid address, but the dest don't always after the call. 
Either this will go potato fast and end up un page 10 soon, or a developer will show up and LOL with me. |
|
Quoted:
memcpy(messagebuffer.IPv6addr, globalIPv6addr_from_UNCI, strlen(messagebuffer.IPv6addr) ); Freshmen college programmers: why is this code == pure DUMBASS SHIT? TL;DR: field issue I was asked to look at where device could connect IPv6 some of the time, very strange addresses refused other times. LOL. What's the big deal? I mean as long as you've used messagebuffer.IPv6addr at least once before, it should be the right length! Wait... do I want to see what the malloc call looks like? And I'm sure there's no way that the length of globalIPv6addr_from_UNCI is ever different from the length of messagebuffer.IPv6addr.. better test it on ::1 and then see what kind of magic shit I can write into messagebuffer.IPv6addr And are you literally passing the IPv6 addresses as strings, or as some more appropriate data structure and you overrode strlen() for some reason? And while we're at it, the mix of camelCase and underscores in a single variable makes my eye twitch. Although I haven't done anything in C for like 6 years. |
|
Quoted:
Hint 2: both source and destination are 16 byte arrays, and source globalIPv6addr_from_UNCI has the valid address, but the dest don't always after the call.
Either this will go potato fast and end up un page 10 soon, or a developer will show up and LOL with me. If you're still debugging an H1B's C++ code in 2017, you've made some poor career choices along the way. |
| PS I know the guy that wrote this. He's long gone to another company after he lawyer-ed up and got a green card. This shit has been lying dormant since 2007. Not a bad dude, just left me a nice fucking timebomb turd of a bug that until the customer started REALLY using IPv6 didn't get exposed.... |
|
Quoted:
An American would ask why we are copying, to Y, an amount of X equal to Y. And we'd kick the motherfucker that forced us to use IPv6 in the teeth because they were probably the same fucks that were wasteful with IPv4 address space. |
|
Quoted:
Hint 3: If you're still debugging an H1B's C++ code in 2017, you've made some poor career choices along the way. |
|
Quoted:
Fuck off. I'm the pro from Dover who was called in to save the day AND DID. You're just trying to piss in my Cheerios because you don't know what's wrong. |
|
Reminds me of dailywtf, haven't been there in a while. Thanks for the nostalgia.
Are you storing addr's as strings? If not does he really think the sizeof an ipv6 address needs to be calculated at runtime? TFW you know to check the destination buffer size but you use strlen, keep the h1bs flowing guys. I work in security research. Indefinite job security. |
|
Quoted:
strlen results in undefined as it is measuring an a 16 byte array and cannot read a terminating null character. char IPv6addr[40] = '2001:0db8:ac10:fe01::' strlen(IPv6Addr) is 21 sizeof(Ipv6Addr) is 40 |
|
Quoted:
That ain't why the device fails in the field. This is compiled delivered code and there's no compile error. But you are on to something... Because sometimes there can be a null in various locations in the uninitialized memory he's performing strlen on, sometimes its within the sizeof an ipv6 address and you get partial copies, sometimes its not and you overwrite the next member in the structure. |
|
Quoted:
memcpy(messagebuffer.IPv6addr, globalIPv6addr_from_UNCI, strlen(messagebuffer.IPv6addr) ); If the addresses are numeric: truncated copy on zero byte in address value. Also, lots of buffer overrun potential. |
|
I'm going to mix one more drink and walk the dag, when I come back I'll sum it up.
As I said before, I know who wrote this and I kinda like the guy. He must have fucked up a copy-paste, because he wrote some good code otherwise LOL, and whomever was in the code review before he commited was asleep at the wheel... |
|
Quoted:
An American would ask why we are copying, to Y, an amount of X equal to Y. And we'd kick the motherfucker that forced us to use IPv6 in the teeth because they were probably the same fucks that were wasteful with IPv4 address space. Quoted:
Quoted:
sooo......... Then would an American program this better? And we'd kick the motherfucker that forced us to use IPv6 in the teeth because they were probably the same fucks that were wasteful with IPv4 address space. 
Just yesterday I had to beg, borrow, and steal to scrape together and provision a small /29 sized block of statics for an enterprise customer. |