Hey,
* Jens Seidel <[EMAIL PROTECTED]> [2006-12-30 18:19]:
> On Fri, Dec 29, 2006 at 07:08:29PM +0100, Nico Golde wrote:
> > +++ trr_format.c 2006-12-29 18:27:26.000000000 +0100
> > main(int argc, char **argv){
> > - char textfile[256], formattedfile[256], lockfile[256], *tmpfname;
> > - char command[256], line[1024];
> > + char textfile[_POSIX_PATH_MAX], formattedfile[_POSIX_PATH_MAX],
> > lockfile[_POSIX_PATH_MAX], *tmpfname;
> > + char command[_POSIX_PATH_MAX], line[_POSIX_PATH_MAX];
>
> Please note that this will probably not work with the Hurd. This system
> tries to avoid all useless limitations and _POSIX_PATH_MAX is one of
> these. The proper solution is to create the buffers dynamically ...Yes that would be better then I didnt do this cause the code doesnt really need dinamically allocated buffers. Anyway the patch should just show all the other problems that exist in the code but I would suggest a documentation of secure programming and a complete rewrite of the code to the upstream author. Also the substitution of SED and GREP via the makefile in the c-files and then calling system() is really ugly. Kind regards, happy new year Nico -- Nico Golde - http://www.ngolde.de JAB: [EMAIL PROTECTED] - GPG: 0x73647CFF Forget about that mouse with 3/4/5 buttons, gimme a keyboard with 103/104/105 keys!
pgpeFg2mZQUqE.pgp
Description: PGP signature
