Hey,
* Jens Seidel <jensseidel@users.sf.net> [2006-12-30 18:19]:
> On Fri, Dec 29, 2006 at 07:08:29PM +0100, Nico Golde wrote:
> > +++ trr_format.c 2006-12-29 18:27:26.000000000 +0100
> > main(int argc, char **argv){
> > - char textfile[256], formattedfile[256], lockfile[256], *tmpfname;
> > - char command[256], line[1024];
> > + char textfile[_POSIX_PATH_MAX], formattedfile[_POSIX_PATH_MAX], lockfile[_POSIX_PATH_MAX], *tmpfname;
> > + char command[_POSIX_PATH_MAX], line[_POSIX_PATH_MAX];
>
> Please note that this will probably not work with the Hurd. This system
> tries to avoid all useless limitations and _POSIX_PATH_MAX is one of
> these. The proper solution is to create the buffers dynamically ...
Yes that would be better then I didnt do this cause the code
doesnt really need dinamically allocated buffers. Anyway the
patch should just show all the other problems that exist in
the code but I would suggest a documentation of secure
programming and a complete rewrite of the code to the
upstream author. Also the substitution of SED and GREP via
the makefile in the c-files and then calling system() is
really ugly.
Kind regards, happy new year
Nico
--
Nico Golde - http://www.ngolde.de
JAB: nion@jabber.ccc.de - GPG: 0x73647CFF
Forget about that mouse with 3/4/5 buttons,
gimme a keyboard with 103/104/105 keys!
Attachment:
pgpTP_HXKTXTA.pgp
Description: PGP signature