On Mon, Aug 18, 2014 at 3:17 PM, Laszlo Papp <lp...@kde.org> wrote: >> > Denys, this fix was sent two weeks ago? Why have you not applied it >> > until >> > there is a better fix (if any)? This is still broken and results a >> > system >> > with potential stray users around. >> >> I'm having bad feelings about the fix along the lines of >> >> -#define PWD_BUFFER_SIZE 256 >> -#define GRP_BUFFER_SIZE 256 >> +#define PWD_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 >> +#define GRP_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 >> >> I fear that people (situations) strange enough to use names as long as >> >> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff >> can easily use names thrice as long. > > > I do not follow. It is also completely inline with the desktop practice that > has existed for several decades now... > >> >> From the API perspective, xmalloc_getpwnam(username) would be ideal. >> But it would require significant rework. > > > Exactly my point. I would be unhappy to keep patching my busybox locally > just because stray users can stay around on my system with the latest > busybox. My stance is usually applying changes that fix issues until there > are better approaches. Currently, I am not funded by anyone to work on this > "nice design" in full-time and I did provide a quick fix for the issue at > hand.
How sure are you that a buffer of 3*256 is big enough? _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox