Re: [autofs] Re: New autofs in sid, please push to testing

To: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Cc: debian-release@lists.debian.org, autofs@linux.kernel.org
Subject: Re: [autofs] Re: New autofs in sid, please push to testing
From: raven@themaw.net
Date: Sun, 15 May 2005 22:06:51 +0800 (WST)
Message-id: <[🔎] Pine.LNX.4.62.0505152202390.14835@donald.themaw.net>
In-reply-to: <[🔎] 20050513114609.GA22968@uio.no>
References: <[🔎] 20050511115113.GA24295@uio.no> <[🔎] 20050513044148.GB4770@mauritius.dodds.net> <[🔎] 20050513114609.GA22968@uio.no>

On Fri, 13 May 2005, Steinar H. Gunderson wrote:

On Thu, May 12, 2005 at 09:41:52PM -0700, Steve Langasek wrote:


snip ...

The get_best_mount function worries me, as it's writing to a caller-provided
pointer (char *what) with no bounds checking.  This appears to be the
intended *use* of the pointer, so this isn't a blocking issue, it's just
something that ought to be cleaned up at some point (including making sure
there's no exploitable buffer overflow here when using things like LDAP or
Hesiod maps).


Perhaps.

I'll have a look but bounds checking should be done way before this so I'mnot so concerned about this. Checking that it is done at the right spot isthe important thing (I think it is in the latest release).

Ian

Reply to:

References:
- New autofs in sid, please push to testing
  - From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
- Re: New autofs in sid, please push to testing
  - From: Steve Langasek <vorlon@debian.org>
- Re: New autofs in sid, please push to testing
  - From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>

Prev by Date: Re: Please accept mailleds_0.93-11 for Sarge
Next by Date: cacti and mysql
Previous by thread: Re: New autofs in sid, please push to testing
Next by thread: Re: New autofs in sid, please push to testing
Index(es):
- Date
- Thread