This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Part 2 of Fixing a security hole in mount table.

Corinna Vinschen wrote:
> 
> On Wed, Sep 10, 2003 at 09:36:05AM -0400, Pierre A. Humblet wrote:
> > Corinna Vinschen wrote:
> > >
> > > Looks good to me, except for:
> > >
> > > > -  char name[UNLEN + 1] = "";
> > > > +  char name[UNLEN > 127 ? UNLEN + 1 : 128] = "";
> > >
> > > Huh?  Why that?  UNLEN is defined as 256 in lmcons.h so I don't understand
> > > the reasoning behind that complexity.
> > >
> > Just being paranoid. "name" can either contain a user name
> > (length UNLEN + 1) or a sid (length 128).
> > This construction costs nothing (the compiler does the work),
> > saves me from having to look up the .h file, and protects us
> > against possible header file changes.
> 
> Please don't do this.  It's just obfuscating the code.  Except for this
> one, the code should be ok to check in.

OK, do you want to change that back and check it in? 
Otherwise I will do it tonight. 

As an aside, we should define something like MAX_SID_STRING_LEN in 
security.h, instead of using numerical values in several places.
Then I could write 
char name[UNLEN >= MAX_SID_STRING_LEN ? UNLEN + 1 : MAX_SID_STRING_LEN]
It's still paranoid but slightly less obfuscating :)

Pierre
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]