[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-trivial] [Qemu-devel] [PATCH v2] slirp: use less predictable d
|
From: |
Markus Armbruster |
|
Subject: |
Re: [Qemu-trivial] [Qemu-devel] [PATCH v2] slirp: use less predictable directory name in /tmp for smb config (CVE-2015-4037) |
|
Date: |
Wed, 03 Jun 2015 13:03:36 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) |
Michael Tokarev <address@hidden> writes:
> In this version I used mkdtemp(3) which is:
>
> _BSD_SOURCE
> || /* Since glibc 2.10: */
> (_POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700)
>
> (POSIX.1-2008), so should be available on systems we care about.
>
> While at it, reset the resulting directory name within smb structure
> on error so cleanup function wont try to remove directory which we
> failed to create.
>
> Signed-off-by: Michael Tokarev <address@hidden>
> ---
> v2:
> Add resetting of the dirname on failure so that cleanup function
> does not try to remove directory which we failed to create.
>
> Use snprintf() as was in the original code, not strcpy(): while
> in this very case it does not matter at all since both strings
> are of known size, some people dislike strcpy() in principle.
I guess I would've used pstrcpy(), but your use of snprintf() is just
fine.
Reviewed-by: Markus Armbruster <address@hidden>