[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Li
From: |
Burkhard Plaum |
Subject: |
Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux |
Date: |
Tue, 28 Nov 2006 11:04:44 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.7.12-1.3.1 |
Hi,
R. Bernstein wrote:
I guess nothing based on /sys just yet.
No. It can be added later, but for older kernels (without /sys),
we need a fallback anyway. And since the current method should work
for *all* linuxes, I don't know if it's worth the effort to implement
something more advanced.
Sorry for the late comment. I notice in cdio_follow_symlink() of
lib/driver/util.c some strcpy's used. Isn't good security practice to
use strncpy instead? Especially when one has the max length around
(PATH_MAX, and/or len)?
The question is: Can we trust PATH_MAX? The destination arrays are
always PATH_MAX large, so an overflow occurs only if the src is larger than
PATH_MAX. But can this happen? If yes, than we should change strcpy to
strncpy, that's right. And then: Does PATH_MAX include the trailing '\0'?
If not, we should make the arrays one byte longer.
Burkhard
- [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, plaum, 2006/11/20
- [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, R. Bernstein, 2006/11/20
- [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, R. Bernstein, 2006/11/20
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, plaum, 2006/11/21
- Message not available
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, plaum, 2006/11/27
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, R. Bernstein, 2006/11/28
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux,
Burkhard Plaum <=
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, R. Bernstein, 2006/11/28
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, Burkhard Plaum, 2006/11/28
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, R. Bernstein, 2006/11/28
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, Burkhard Plaum, 2006/11/28
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, Burkhard Plaum, 2006/11/28
- Re: [Libcdio-devel] [Patch] More bullet-proof drive detection for GNU/Linux, R. Bernstein, 2006/11/28