On Mon, Jan 19, 2004 at 10:17:30AM -0800, Wayne Davison wrote:
> I've got a patch that changes f_name_to() to return an unsigned int
> (like snprintf() and strlcpy() do) and adds checking to ensure that we
> didn't overflow the name before we try to use it:
>
> http://www.blorf.net/name-overflow.patch
>
> If anyone would care to check out the following patch before I commit
> it, please do.

I don't like it on two counts.

If we are going to vet the path name for overflow (a good idea), let's do it once, explicitly, as we receive it instead of having tests scattered throughout the code. In other words, test for
strlen(file->dirname) + strlen(file->basename) >= MAXPATHLEN - 2
in receive_file_entry().

When all you are doing is concatenating a couple of strings, snprintf is overkill, especially in an infrastructure function. As it is now, f_name_to() is about as good as it gets. We went through several iterations with get_tmpname() to keep it clean and efficient; there is no need to regress here.

--
J.W. Schultz            Pegasystems Technologies
email address:          [EMAIL PROTECTED]

Remember Cernan and Schmitt
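
The approach argued for in the message above, checking the combined length once when an entry is received so that the later concatenation needs no length tests, as an added example. It is not rsync's code or the poster's: `struct entry`, `entry_name_fits()` and `join_name()` are hypothetical names, and the 1024 fallback for MAXPATHLEN is an assumption.

```c
#include <stdio.h>
#include <string.h>

#ifndef MAXPATHLEN
#define MAXPATHLEN 1024 /* assumed value for this example */
#endif

/* Hypothetical stand-in for a received file-list entry. */
struct entry {
    const char *dirname;  /* NULL or "" when there is no directory part */
    const char *basename;
};

/* Ingress check, run once per received entry. Rejects when
 * strlen(dirname) + strlen(basename) >= MAXPATHLEN - 2 (the bound from
 * the message). Subtracting instead of adding avoids size_t wraparound. */
static int entry_name_fits(const struct entry *e)
{
    size_t limit = MAXPATHLEN - 2;
    size_t dlen = e->dirname ? strlen(e->dirname) : 0;
    if (dlen >= limit)
        return 0;
    return strlen(e->basename) < limit - dlen;
}

/* Plain concatenation into a MAXPATHLEN-byte buffer. Precondition:
 * entry_name_fits(e) returned 1, so no per-call length test is needed.
 * Returns the length of the joined name. */
static size_t join_name(char *dst, const struct entry *e)
{
    size_t off = 0, blen = strlen(e->basename);
    if (e->dirname && *e->dirname) {
        off = strlen(e->dirname);
        memcpy(dst, e->dirname, off);
        dst[off++] = '/';
    }
    memcpy(dst + off, e->basename, blen + 1); /* includes the NUL */
    return off + blen;
}

int main(void)
{
    struct entry e = { "src/lib", "util.c" }; /* constructed sample */
    char buf[MAXPATHLEN];
    if (!entry_name_fits(&e))
        return 1; /* rejected at ingress, join_name() never runs */
    printf("%zu %s\n", join_name(buf, &e), buf);
    return 0;
}
```

With the bound enforced at ingress, the longest accepted pair writes dirname + '/' + basename + NUL in at most MAXPATHLEN - 1 bytes, which is why the copy can stay a bare memcpy.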