| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CACKs7VD_p=d+nvuFxkWofSE6jCoKAKx5w44_5ciTJ0NX_H1ZFA@mail.gmail.com>
Date: Fri, 11 Sep 2020 17:35:28 +0300
From: Stefan Puiu <stefan.puiu@...il.com>
To: Alejandro Colomar <colomar.6.4.3@...il.com>
Cc: Michael Kerrisk <mtk.manpages@...il.com>,
lnx-man <linux-man@...r.kernel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 12/24] getgrent_r.3: Use sizeof() to get buffer size
(instead of hardcoding macro name)
Hi,
On Fri, Sep 11, 2020 at 12:15 AM Alejandro Colomar
<colomar.6.4.3@...il.com> wrote:
>
> Signed-off-by: Alejandro Colomar <colomar.6.4.3@...il.com>
> ---
> man3/getgrent_r.3 | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/man3/getgrent_r.3 b/man3/getgrent_r.3
> index 81d81a851..76deec370 100644
> --- a/man3/getgrent_r.3
> +++ b/man3/getgrent_r.3
> @@ -186,7 +186,7 @@ main(void)
>
> setgrent();
> while (1) {
> - i = getgrent_r(&grp, buf, BUFLEN, &grpp);
> + i = getgrent_r(&grp, buf, sizeof(buf), &grpp);
I'm worried that less attentive people might copy/paste parts of this
in their code, where maybe buf is just a pointer, and expect it to
work. Maybe leaving BUFLEN here is useful as a reminder that they need
to change something to adapt the code?
Just my 2 cents,
Stefan.
Powered by blists - more mailing lists