more problems with 10-fix_potential_overflows.dpatch
Patrick Goetz
pgoetz at mail.utexas.edu
Wed Jul 21 21:26:57 UTC 2010
The patch listed below switches from using strcpy to strlcpy, which is
questionable due to the lack of standardization of strlcpy. But
moreover, does it even make sense to take the sizeof of a UNIX socket?
@@ -1246,7 +1246,7 @@
/* can't have this and a file for input */
sunsock.sun_family = AF_UNIX;
- strcpy(sunsock.sun_path, output_socket);
+ strlcpy(sunsock.sun_path, output_socket, sizeof(sunsock.sun_path));
unlink(output_socket);
listen_sock = socket(AF_UNIX, SOCK_STREAM, 0);
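Review bot: the return value of strlcpy() on the added line is discarded, so an output_socket longer than the sun_path buffer is silently truncated, while the unlink(output_socket) on the next line still operates on the full, untruncated name; the path stored in sunsock and the path being unlinked can then differ. Suggest rejecting the over-long name instead, e.g. `if (strlcpy(sunsock.sun_path, output_socket, sizeof(sunsock.sun_path)) >= sizeof(sunsock.sun_path))` followed by an error exit before the unlink. On the sizeof question: sizeof(sunsock.sun_path) is taken on the sun_path character array inside struct sockaddr_un, not on the socket, so it yields the buffer capacity and is the right bound here. Since strlcpy() is not part of ISO C or POSIX, the patch should also state where the function comes from on platforms whose libc lacks it (a bundled fallback or a configure check); nothing in this hunk shows one.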