- Remove extraneous / in comment.

- Clarify documentation of overflow detection. - Remove extraneous spaces at the end of lines.

- Remove extraneous / in comment.
623f4857611e · websnarf · 1082d2225d6a · 623f4857 · 623f4857
Commit 623f4857611e authored 10 years ago by websnarf
--- a/bstrlib.c
+++ b/bstrlib.c
@@ -343,7 +343,7 @@
 }

 /*  int bconchar (bstring b, char c)
-/ *
+ *
 *  Concatenate the single character c to the bstring b.
 */
 int bconchar (bstring b, char c) {

--- a/security.txt
+++ b/security.txt
@@ -73,11 +73,11 @@

 2. Memory size overflow/wrap around attack

-Bstrlib is, by design, impervious to memory size overflow attacks.  The 
-reason is it is resiliant to length overflows is that bstring lengths are 
-bounded above by INT_MAX, instead of ~(size_t)0.  So length addition 
-overflows cause a wrap around of the integer value making them negative 
-causing balloc() to fail before an erroneous operation can occurr.  Attempted 
-conversions of char * strings which may have lengths greater than INT_MAX are 
-detected and the conversion is aborted.
+By design, Bstrlib is impervious to memory size overflow attacks.  The
+reason is that it detects length overflows and leads to a result error before
+the operation attempts to proceed.  Attempted conversions of char* strings
+which may have lengths greater than INT_MAX are detected and the conversion
+is aborted.  If the memory to hold the string exceeds the available memory
+for it, again, the result is aborted without changing the prior state of the
+strings.

@@ -83,7 +83,8 @@

-It is unknown if this property holds on machines that don't represent 
-integers as 2s complement.  It is recommended that Bstrlib be carefully 
-auditted by anyone using a system which is not 2s complement based.
+These behaviors rely on the use of 2s complement by the underlying machine
+architecture.  It is unknown if these properties hold on machines that do
+not represent integers as 2s complement.  It is recommended that Bstrlib be
+carefully auditted by anyone using a system which is not 2s complement based.

 3. Constant string protection

@@ -174,8 +175,8 @@

 bSecureInput() has been supplied in bstraux.c.  It has an optional upper limit
 for input length.  But unlike fgets(), it is also easily determined if the
-buffer has been truncated early.  In this way, a program can set an upper limit
-on input sizes while still allowing for implementing context specific 
+buffer has been truncated early.  In this way, a program can set an upper
+limit on input sizes while still allowing for implementing context specific
 truncation semantics (i.e., does the program consume but dump the extra
 input, or does it consume it in later inputs?)