[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Li

From: Burkhard Plaum
Subject: Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux
Date: Tue, 28 Nov 2006 11:04:44 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.7.12-1.3.1


R. Bernstein wrote:
I guess nothing based on /sys just yet.

No. It can be added later, but for older kernels (without /sys),
we need a fallback anyway. And since the current method should work
for *all* linuxes, I don't know if it's worth the effort to implement
something more advanced.

Sorry for the late comment. I notice in cdio_follow_symlink() of
lib/driver/util.c some strcpy's used. Isn't good security practice to
use strncpy instead? Especially when one has the max length around
(PATH_MAX, and/or len)?

The question is: Can we trust PATH_MAX? The destination arrays are
always PATH_MAX large, so an overflow occurs only if the src is larger than
PATH_MAX. But can this happen? If yes, than we should change strcpy to
strncpy, that's right. And then: Does PATH_MAX include the trailing '\0'?
If not, we should make the arrays one byte longer.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]