On Thu, 9 Apr 2009, jan damborsky wrote:
>> td_mg.c: line 2058: Back tracking through the call chain
>> I can see that the passed in char *disk, is really a
>> disk_info_t.disk_name which is a char *. In other words
>> the disk_name is unbounded. In all likelihood it will
>> be <MAXPATHLEN, but what is the effect on target discovery
>> if it isn't (esp line 2097)?
>
> The assumption made here was based on following consideration:
> partition/slice device name is also part of path in /dev/ directory,
> e.g. /dev/dsk/<disk_name><slice_name> - and its total size is limited
> to MAXPATHLEN, since it is regular path.
> Since we are dealing only with '<disk_name><slice_name>' part here,
> its size is always <MAXPATHLEN. If mangled/invalid disk name is
> provided, this is not right place to decide and take correct action,
> the only thing we could do here is to be robust and avoid buffer
> overflow which is assured by using snprintf.

Okay, sounds reasonable. I'm fine with the updated webrev.

Alok
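
Added example (not part of this thread and not code from td_mg.c): snprintf bounds the write as discussed above, but it truncates silently, so a caller that wants to notice an over-long '<disk_name><slice_name>' can compare the return value with the buffer size. The helper name build_slice_name and the sample device names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/param.h>          /* MAXPATHLEN */

#ifndef MAXPATHLEN
#define MAXPATHLEN 1024         /* fallback for platforms without it */
#endif

/*
 * Hypothetical helper: join disk and slice names into out[outsz].
 * Returns 0 if the whole name fit, -1 on bad arguments or truncation.
 * On truncation out still holds a NUL-terminated prefix, never more
 * than outsz bytes, which is the overflow guarantee snprintf gives.
 */
int build_slice_name(char *out, size_t outsz,
                     const char *disk, const char *slice)
{
    int n;

    if (out == NULL || outsz == 0 || disk == NULL || slice == NULL)
        return -1;

    n = snprintf(out, outsz, "%s%s", disk, slice);

    /* n is the length the full string needed, excluding the NUL. */
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/* Constructed input: an unbounded disk_name longer than MAXPATHLEN. */
int oversized_disk_is_rejected(void)
{
    char disk[MAXPATHLEN + 17];
    char out[MAXPATHLEN];

    memset(disk, 'c', sizeof(disk) - 1);
    disk[sizeof(disk) - 1] = '\0';

    /* Rejected, and the buffer was filled only up to its last byte. */
    return build_slice_name(out, sizeof(out), disk, "s0") == -1 &&
           strlen(out) == sizeof(out) - 1;
}

int main(void)
{
    char name[MAXPATHLEN];
    int rc = build_slice_name(name, sizeof(name), "c0t0d0", "s0");
    printf("rc=%d name=%s oversized_rejected=%d\n",
           rc, name, oversized_disk_is_rejected());
    return 0;
}
```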