Date: Fri, 02 Mar 2001 11:30:40 -0700
From: Warner Losh <imp@harmony.village.org>
To: "Jacques A. Vidrine" <n@nectar.com>
Cc: audit@freebsd.org
Subject: Re: PATH_MAX vs MAXPATHLEN
Message-ID: <200103021830.f22IUed58587@harmony.village.org>
In-Reply-To: Your message of "Fri, 02 Mar 2001 12:25:02 CST." <20010302122502.B63024@hamlet.nectar.com>
References: <20010302122502.B63024@hamlet.nectar.com> <20010302115105.A63024@hamlet.nectar.com> <200103020206.f2226Md53114@harmony.village.org> <20010302115105.A63024@hamlet.nectar.com> <200103021814.f22IE3d58463@harmony.village.org> <200103020206.f2226Md53114@harmony.village.org>

In message <20010302122502.B63024@hamlet.nectar.com> "Jacques A. Vidrine" writes:
: Here, you've changed p_path from MAXPATHLEN+1 to PATH_MAX (in another
: chunk below), so the comparison should now be (strlen(target) >= PATH_MAX).
:
: I haven't looked carefully, but this probably has the same issue.

Yes. I've changed both of these to use strlcpy or check as appropriate.

: Same issue: should now be (n > PATH_MAX).

I think that's right.

: > @@ -961,7 +961,7 @@ : > return NULL; : > } : > #endif : > - REALLOC(file, filesz, MAXPATHLEN + 1, NULL); : > + REALLOC(file, filesz, PATH_MAX, NULL); : > for (n = 0; *ibufp != '\n';) : > file[n++] = *ibufp++; : > file[n] = '\0';
:
: Et cetera... basically one byte less is getting allocated here and
: there, but the length checks have not been updated to reflect this.

But there are no length tests with the REALLOC stuff. But I'll go back to
the original source and take a look to be sure.

Warner
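
Review bot: the copy loop after the changed REALLOC line has no bound on n in the visible lines: it writes file[n++] until it sees '\n' and then stores file[n] = '\0'. If REALLOC only guarantees the requested size, the buffer is now PATH_MAX bytes rather than MAXPATHLEN + 1, so the terminator stays in bounds only when n <= PATH_MAX - 1. Either keep the request at PATH_MAX + 1, or confirm that a check outside this hunk limits the name to PATH_MAX - 1 characters before the loop runs, and say so in a comment next to the REALLOC.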