On 21/01/12 04:41 PM, Martin Sevior wrote:
>
> Hi Svante,
>
> Unfortunately I think your patch is insecure and may lead to buffer
> overrun exploits. Is there no PATH_MAX equivalent in GNU/Hurd? Maybe
> we could use a std:string instead?
>
The only unsecure part is if there is garbage in sz and that strlen
return a large number. But then g_malloc() will not be happy.
But we already used that in the previous code.
Hub
Received on Sun Jan 22 01:57:29 2012
This archive was generated by hypermail 2.1.8 : Sun Jan 22 2012 - 01:57:29 CET