r8 - 2014-03-10 - 09:58:46 - HarlanStennYou are here: NTP >  Dev Web > DevelopmentIssues > NtpCodingStyle
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

NTP Coding Style

Coding Style

  • Tabstops at every 8th position, so a line beginning with tab is indented as if it had 8 spaces in place of the tab.
  • Tabs should be used as much as possible, followed by spaces as needed.
  • Each scope opened by { is indented one more full tab stop than the enclosing scope.
  • Lines are limited to 72 character positions, except long quoted strings may extend beyond as needed. Implicit string concatenation (e.g. printf("long " "string")) is avoided as it interferes with =grep=ing the source for message text.
  • Compound conditionals split over multiple lines may be wrapped early at a logical operator to keep subexpressions together, with subsequent lines indented to match the start of the conditional test. For example, lines subsequent to the first in a multiline if conditional are indented 4 spaces, while 7 spaces.
  • Opening { on the same line as compound statements such as if, while, and do, and closing } on the same line as while.
  • { and } are omitted for single-line if and else clauses, except where both if and else clauses are used and one is multi-line, in which case both clauses are bracketed by { and }.
  • The second and subsequent lines of statements split onto multiple lines due to length may be indented 4 spaces, or for arguments to a function call, indented to align with prior arguments.
  • Operators are always surrounded by spaces, except the comma operator has no space preceding it.
  • Conditional statements and switch have a space between the reserved word and the required (. Conversely, function calls do not have a space before (.
  • return is not a function call. There should be no excess parentheses surrounding a returned value.
  • Do not mix arithmetic and logical expressions, even though C allows it. Compare non-logical expressions with 0 explicitly: if (0 == strcmp(... )) rather than if ( ! strcmp(... )).
  • Initialize local variables using explicit statements after the declarations, not using initializers, which can hide code from casual inspection.
  • This style makes it relatively easy to wind up with a narrow block of code riding the right side of the 72-character lines. In that case, refactor to reduce single-function complexity by splitting code into helper functions, or move exception handling ahead of the main line using return, break, or continue so the main line can be less indented.

Ideally the dot.emacs file in the top-level of the source distribution would represent this style, however it does not at this point.

dot.emacs format information:

The current dot.emacs settings are:

Basic offset Settings Description
c-basic-offset . 8 typical unit of indenting
c-fill-column . 72 wrap text that extends beyond 72?

c-offsets-list Settings Description
(arglist-intro . +) indent arguments (in calls, or only declaration?) by one c-basic-offset (8)
(case-label . *) indent case labels by a half "stop" (Note: this is wrong, case labels are at same indent as switch)
(statement-case-intro . *) The first line in a case block
(statement-cont . *) A continuation of a statement
(substatement-open . 0) Do not indent open curly brace in form if (cond)\n{ ?

Avoiding buffer overruns: snprintf(), strlcpy() and strlcat()

Do not use sprintf(), strcpy(), strcat(), strncpy(), or strncat(). These standard routines encourage buffer overrun or lack of string termination when truncating. Use snprintf(), strlcpy(), and strlcat(). The latter two are not standard C, and are provided by the NTP package when the system does not. See libntp/strl_obsd.c for documentation.

When using sscanf() with %s or %[, specify the size of the destination buffer minus one for the terminating NUL in the format width: char dest[128]; sscanf(source, "%127s", dest);

#include style

Each (generated) Makefile we use should all have correct -I entries in AM_CPPFLAGS, so included files are referenced by name only, without any path.

Every *.c file includes config.h before all other headers. Header files never include config.h.

System-provided headers are included next, using angle brackets:

 #include <stdio.h>

NTP headers are included last using quotes:

 #include "ntp.h"

Note the usual distinction between the two forms, whether the directory containing the source file is searched first, is not enforced in Automake makefiles -- either form will check both the current build directory and the directory containing the source file, then check each directory in the include search path. The Windows port similarly includes the source directory in the include search path, so that using either form is functionally equivalent.

html files

Set the following variables

 hm--html-automatic-create-modified-line        t
 hm--html-automatic-update-modified-line        t
(setq auto-mode-alist
    ("\\.html?$"                        . hm--html-mode)

Related Items

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r8 < r7 < r6 < r5 < r4 | More topic actions
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback