Hi Dhaval, Dhaval Giani wrote: >>>> It actually walks through 'user' twice, once to compute length by >>>> strlen() and then it's actually copied by strncpy(). So that is the >>>> same as call strcpy(). >>>> >>>> >>>> Thanks >>>> Ken'ichi Ohmichi >>>> >>>> Reported-by: Jan Safranek <[email protected]> >>>> Signed-off-by: Ken'ichi Ohmichi <[email protected]> >>>> --- >>>> src/api.c | 4 ++-- >>>> 1 files changed, 2 insertions(+), 2 deletions(-) >>>> >>>> diff --git a/src/api.c b/src/api.c >>>> index 4f88d20..944dc48 100644 >>>> --- a/src/api.c >>>> +++ b/src/api.c >>>> @@ -476,8 +476,8 @@ static int cgroup_parse_rules(bool cache, uid_t muid, >>>> gid_t mgid) >>>> >>>> newrule->uid = uid; >>>> newrule->gid = gid; >>>> - strncpy(newrule->name, user, strlen(user)); >>>> - strncpy(newrule->destination, destination, strlen(destination)); >>>> + strcpy(newrule->name, user); >>>> + strcpy(newrule->destination, destination); >>> NAK. please change it to >>> >>> strncpy(newrule->name, user, LOGIN_NAME_MAX -1) >>> >>> and similarly please. We want the strncpy for safety. >> OK, and I updated the patch for the readability :-) >> > > Can you please resend with your Signed-off-by and a changelog? I will > merge it in.
I sent a new version of cleanup patchset which contains this patch and two new cleanup patches also. Could you please check it ? [PATCH-v2 0/4] Cleanup patchset (separated from "Add a new rule based on process name.") Thanks Ken'ichi Ohmichi ------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get _______________________________________________ Libcg-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libcg-devel
