On Fri, May 29, 2009 at 11:33:23AM +0900, Ken'ichi Ohmichi wrote: > > Hi, > > It actually walks through 'user' twice, once to compute length by > strlen() and then it's actually copied by strncpy(). So that is the > same as call strcpy(). > > > Thanks > Ken'ichi Ohmichi > > Reported-by: Jan Safranek <[email protected]> > Signed-off-by: Ken'ichi Ohmichi <[email protected]> > --- > src/api.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/api.c b/src/api.c > index 4f88d20..944dc48 100644 > --- a/src/api.c > +++ b/src/api.c > @@ -476,8 +476,8 @@ static int cgroup_parse_rules(bool cache, uid_t muid, > gid_t mgid) > > newrule->uid = uid; > newrule->gid = gid; > - strncpy(newrule->name, user, strlen(user)); > - strncpy(newrule->destination, destination, strlen(destination)); > + strcpy(newrule->name, user); > + strcpy(newrule->destination, destination);
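Review bot: the two added strcpy() lines write into newrule->name and newrule->destination with no bound tied to the size of either destination, so a long user or destination field in a rule overruns the buffer. The removed lines were no safer: strncpy(dst, src, strlen(src)) is bounded by the source length, not the destination, and it never writes the terminating NUL, so the result is only a valid string if newrule was zeroed beforehand (not visible in this hunk). Suggest bounding each copy by the destination's capacity minus one and storing the terminator explicitly in the last byte, since strncpy() does not terminate when the source fills the whole count. Better still, reject a rule whose field does not fit, since a silently truncated user name or destination would make the rule match something other than what was written.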
NAK. please change it to strncpy(newrule->name, user, LOGIN_NAME_MAX -1) and similarly please. We want the strncpy for safety.

thanks,
-- 
regards,
Dhaval

_______________________________________________
Libcg-devel mailing list
https://lists.sourceforge.net/lists/listinfo/libcg-devel
