On Sat, May 13, 2017 at 2:17 PM, Gert Doering <g...@greenie.muc.de> wrote:
> ACK, thanks. (No tests run whatsoever, but we've had a discussion about
> that on the security@ lists, and there was agreement that _countof is
> the thing to use - just nobody did it before, so thanks again :-) ).
>
> Your patch has been applied to the master and release/2.4 branch.
>
> Release/2.3 has "MAX_PATH" instead of sizeof or _countof, which is
> actually correct (but in contrast, it has no error checking for
> GetModuleFileNameW()...)
>
Oh, I missed that. Note to self: we should add error checking there. If the
buffer is too small we will get a truncated but null terminated name, so
that's not too bad. But if the call fails the buffer may contain random
bytes.
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
