
Re: review eject 2.1.5+deb1+cvs20081104-13.1 2014-02-14 21:29





On Sunday 23 February 2014 10:39, Bart Martens <bartm@debian.org> wrote:

>Hi Gianfranco,
>


Hi Bart and debian mentors, first sorry for the late reply.



>I have two questions for you.
>
>1. The patch makes the program use one additional position of the memory
>pointed to by buf.  Are you sure that there will be no buffer overflow for any
>value of name without replacing 14 by 15 in the allocation ?

I honestly don't think so.
        buf = (char *) malloc(strlen(name)+14); /* to allow for "/dev/cdroms/ + "0" + null */

"/dev/cdroms/" is 12 characters +1 +1


however we are looking at "/dev/cdrom/" +1 +1, that is only 11 characters, so the "upper case" is not this one, but the latest one (line 483 of the same source file)

moreover the malloc takes care of strlen(name) and we do
                strcpy(buf, "/dev/");
                strcat(buf, name);
                temp[0]='0'+i;
                temp[1]='\0';

so in our case we should just have 4+1+1 more bytes, name+6 in total.

I don't see any particular issues there.

>
>2. The package has a high popcon.  Have you thoroughly tested the resulting
>package ? I would feel more comfortable if you would confirm that on bug
>719110.
>

This is something I cannot really test deeply, however you can follow the discussion on LP, where there are 15 comments about this topic.

Is that enough? I can upload the patch to a PPA and ask the affected user to reproduce/test.

>Regards,
>
>Bart Martens
>

thanks to you,

Gianfranco
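
The size question raised in this thread, as an added example that is not part of the original mail or of eject's source: it computes the bytes each prefix named above needs against the quoted `strlen(name)+14` allocation and builds the path with a bounded call. The function names, the sample name "sr" and the two-character suffix case are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Slack used by the allocation quoted in the mail: malloc(strlen(name)+14). */
#define ALLOC_SLACK 14

/* Bytes needed for prefix + name + suffix_len extra characters + NUL. */
size_t required_bytes(const char *prefix, const char *name, size_t suffix_len)
{
    return strlen(prefix) + strlen(name) + suffix_len + 1;
}

/* 1 if the candidate path fits in strlen(name)+ALLOC_SLACK bytes, else 0. */
int fits_allocation(const char *prefix, const char *name, size_t suffix_len)
{
    return required_bytes(prefix, name, suffix_len) <= strlen(name) + ALLOC_SLACK;
}

/* Bounded builder (hypothetical helper): writes prefix+name+suffix into buf.
 * Returns 0 on success, -1 if the result would not fit in size bytes. */
int build_path(char *buf, size_t size, const char *prefix,
               const char *name, const char *suffix)
{
    int n = snprintf(buf, size, "%s%s%s", prefix, name, suffix);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    /* Prefixes are the ones named in the mail; name and suffixes are constructed. */
    const char *prefixes[] = { "/dev/", "/dev/cdrom/", "/dev/cdroms/" };
    const char *name = "sr";
    size_t size = strlen(name) + ALLOC_SLACK;
    char *buf = malloc(size);
    if (buf == NULL) return 1;
    for (size_t p = 0; p < 3; p++) {
        for (size_t extra = 1; extra <= 2; extra++) {
            const char *suffix = (extra == 1) ? "0" : "00";
            int rc = build_path(buf, size, prefixes[p], name, suffix);
            printf("%-13s +%zu char(s): need %zu of %zu bytes -> %s\n",
                   prefixes[p], extra,
                   required_bytes(prefixes[p], name, extra), size,
                   rc == 0 ? buf : "does not fit");
        }
    }
    free(buf);
    return 0;
}
```

With a single trailing digit the longest prefix uses the allocation exactly, so any path form that appends one more character to it needs the slack raised to 15.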