more problems with 10-fix_potential_overflows.dpatch
Henrique de Moraes Holschuh
hmh at debian.org
Thu Jul 22 02:01:01 UTC 2010
On Wed, 21 Jul 2010, Patrick Goetz wrote:
> The patch listed below switches from using strcpy to strlcpy, which
> is questionable due to the lack of standardization of strlcpy. But
That is an argument you should never make. If a system doesn't have
strlcpy, it is uninteresting crap, and it will have to provide one through
gnulib or something.
Debian systems *always* have strlcpy, anyway.
> moreover, does it even make sense to take the sizeof of a UNIX
> socket?
What you're talking about? It is taking the size of an array inside a
structure, so as not to write past the end of that array.
> @@ -1246,7 +1246,7 @@
>
> /* can't have this and a file for input */
> sunsock.sun_family = AF_UNIX;
> - strcpy(sunsock.sun_path, output_socket);
> + strlcpy(sunsock.sun_path, output_socket, sizeof(sunsock.sun_path));
> unlink(output_socket);
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
More information about the Pkg-Cyrus-imapd-Debian-devel
mailing list