Date: Fri, 6 Nov 2009 18:10:03 GMT
From: Jilles Tjoelker <jilles@stack.nl>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/140228: [patch] mktemp(1) buffer overrun
Message-ID: <200911061810.nA6IA36f004335@freefall.freebsd.org>

The following reply was made to PR bin/140228; it has been noted by GNATS.

From: Jilles Tjoelker <jilles@stack.nl>
To: bug-followup@FreeBSD.org, jeremyhu@apple.com
Cc:
Subject: Re: bin/140228: [patch] mktemp(1) buffer overrun
Date: Fri, 6 Nov 2009 19:05:48 +0100

It seems more reasonable to have _gettemp() check the length of its
input string, and fail with ENAMETOOLONG if it is longer than
MAXPATHLEN. Your patch relies on the kernel to reject names longer than
MAXPATHLEN with ENAMETOOLONG to avoid it reading past the end of
carrybuf (in obscure cases).

--
Jilles Tjoelker
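Added example, not part of the original message and not FreeBSD's code: a sketch of the up-front length check the reply proposes, done before a fixed-size carry buffer is touched. The function name, TEMPLATE_MAX (standing in for MAXPATHLEN) and the sample template are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 1024
#endif
#define TEMPLATE_MAX PATH_MAX /* assumption: stands in for MAXPATHLEN */

/*
 * Hypothetical stand-in for the step in a _gettemp()-style routine that
 * saves the trailing run of 'X' placeholders into a fixed-size buffer.
 * Returns the number of bytes saved, or -1 with errno set.
 */
int save_template_suffix(const char *path, char carrybuf[TEMPLATE_MAX])
{
    size_t len = 0, start;

    if (path == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* Bounded scan: stop as soon as the template cannot fit. */
    while (len < TEMPLATE_MAX && path[len] != '\0')
        len++;
    /* This sketch also rejects len == TEMPLATE_MAX so the NUL fits. */
    if (len >= TEMPLATE_MAX) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* Locate the start of the trailing run of 'X' placeholders. */
    start = len;
    while (start > 0 && path[start - 1] == 'X')
        start--;
    /* len - start < TEMPLATE_MAX is guaranteed here, so the copy fits. */
    memcpy(carrybuf, path + start, len - start);
    carrybuf[len - start] = '\0';
    return (int)(len - start);
}

int main(void)
{
    char carry[TEMPLATE_MAX];
    /* Constructed sample template. */
    int n = save_template_suffix("/tmp/job.XXXXXX", carry);

    printf("saved %d placeholder bytes: %s\n", n, carry);
    return n < 0;
}
```

With the check in the library routine, the bound on the copy no longer depends on a later system call returning ENAMETOOLONG.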