On Mon, Jan 19, 2004 at 02:39:56PM -0800, jw schultz wrote:
> If we are going to vet the path name for overflow (a good idea) lets
> do it once, explicitly, as we receive it instead of having tests
> scattered throughout the code.
Fortunately the receive_file_entry() call was already checking this
On Mon, Jan 19, 2004 at 07:09:29PM -0800, Wayne Davison wrote:
> On Mon, Jan 19, 2004 at 06:46:48PM -0800, jw schultz wrote:
> > If you're going to do the strlen(src) and whatnot you might
> > as well just snag the strlcpy source and tweak it so you
> > only have to scan the data once.
>
> I snagg
On Mon, Jan 19, 2004 at 06:46:48PM -0800, jw schultz wrote:
> If you're going to do the strlen(src) and whatnot you might as well
> just snag the strlcpy source and tweak it so you only have to scan the
> data once.
I used rsync's version of strlcpy() from the lib/compat.c file as a
basis for the
On Mon, Jan 19, 2004 at 06:00:32PM -0800, Wayne Davison wrote:
> On Mon, Jan 19, 2004 at 05:44:20PM -0800, Wayne Davison wrote:
> > I'll append my util.c patch to this email.
>
> Or perhaps to this one...
If you're going to do the strlen(src) and whatnot you might
as well just snag the strlcpy so
On Mon, Jan 19, 2004 at 06:35:14PM -0800, jw schultz wrote:
> That is why we use stacked strlcpy.
Of course. I just thought I'd mention it since other sections of the
code have been using the strlcat() idiom and I have been optimizing
them away.
..wayne..
--
To unsubscribe or change options: ht
On Mon, Jan 19, 2004 at 05:44:20PM -0800, Wayne Davison wrote:
> On Mon, Jan 19, 2004 at 02:39:56PM -0800, jw schultz wrote:
> > If we are going to vet the path name for overflow (a good idea) lets
> > do it once, explicitly, as we receive it instead of having tests
> > scattered throughout the cod
On Mon, Jan 19, 2004 at 05:44:20PM -0800, Wayne Davison wrote:
> I'll append my util.c patch to this email.
Or perhaps to this one...
..wayne..
--- util.c 2 Jan 2004 07:31:02 - 1.123
+++ util.c 20 Jan 2004 01:14:34 -
@@ -553,6 +553,36 @@ void strlower(char *s)
}
}
On Mon, Jan 19, 2004 at 02:39:56PM -0800, jw schultz wrote:
> If we are going to vet the path name for overflow (a good idea) lets
> do it once, explicitly, as we receive it instead of having tests
> scattered throughout the code.
Yeah, good idea.
> When all you are doing is concatinating a coupl
On Mon, Jan 19, 2004 at 10:17:30AM -0800, Wayne Davison wrote:
> I've got a patch that changes f_name_to() to return an unsigned int
> (like sme_tonprintf() and strlcpy() do) and adds checking to ensure that we
> didn't overflow the name before we try to use it:
>
> http://www.blorf.net/name-o
On Mon, Jan 19, 2004 at 12:21:48PM -0800, Wayne Davison wrote:
> On Mon, Jan 19, 2004 at 12:05:16PM -0800, jw schultz wrote:
> > How about posting it?
>
> To the mailing list? I think that most of the subscribers aren't going
> to be interested in random patches, so it's more space- and bandwidth
I've got a patch that changes f_name_to() to return an unsigned int
(like snprintf() and strlcpy() do) and adds checking to ensure that we
didn't overflow the name before we try to use it:
http://www.blorf.net/name-overflow.patch
If anyone would care to check out the following patch before I
11 matches
Mail list logo
