This is the mail archive of the
cygwin-patches@cygwin.com
mailing list for the Cygwin project.
Re: Part 2 of Fixing a security hole in mount table.
Corinna Vinschen wrote:
>
> On Wed, Sep 10, 2003 at 09:36:05AM -0400, Pierre A. Humblet wrote:
> > Corinna Vinschen wrote:
> > >
> > > Looks good to me, except for:
> > >
> > > > - char name[UNLEN + 1] = "";
> > > > + char name[UNLEN > 127 ? UNLEN + 1 : 128] = "";
> > >
> > > Huh? Why that? UNLEN is defined as 256 in lmcons.h so I don't understand
> > > the reasoning behind that complexity.
> > >
> > Just being paranoid. "name" can either contain a user name
> > (length UNLEN + 1) or a sid (length 128).
> > This construction costs nothing (the compiler does the work),
> > saves me from having to look up the .h file, and protects us
> > against possible header file changes.
>
> Please don't do this. It's just obfuscating the code. Except for this
> one, the code should be ok to check in.
OK, do you want to change that back and check it in?
Otherwise I will do it tonight.
As an aside, we should define something like MAX_SID_STRING_LEN in
security.h, instead of using numerical values in several places.
Then I could write
char name[UNLEN >= MAX_SID_STRING_LEN ? UNLEN + 1 : MAX_SID_STRING_LEN]
It's still paranoid but slightly less obfuscating :)
Pierre