This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: gamin-0.1.7


Dave wrote:
>>> if (strcmp(fsname, "FAT") == 0)
>> Had to change this to a strncmp(, , 3), but otherwise works perfectly.
> Seeing this and the messages about string vulnerabilities that are
> floating around, I thought I'd have a closer look at the function.
I didn't mean that I was forced to use strncmp instead of strcmp because
it was not secure, but that it simply wouldn't work otherwise: fsname
contains "FAT32" on a FAT32 drive, so a strcmp with "FAT" would fail,
and rightly so.
Limiting to the first 3 chars allows to match any "FAT*" which is indeed
the right thing to do, IMHO (I don't think any member of the "FAT"
family has different features regarding permissions).
> Turns out the code is fine. However note that this will only work on
> 2000/XP and greater. GetVolumePathName is only available when
> _WIN32_WINNT>=0x500
Mhh, I know pretty much nothing about Win32 programming (that's why I
love cygwin in the first place ^_^), I just copied that code by Yaakov
(and him, in turn, from Corinna AFAIR).

    Lapo


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]