This is the mail archive of the insight@sourceware.org mailing list for the Insight project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
| Other format: | [Raw text] | |
[I'm not subscribed to the mailing list, so please continue to cc
replies to me.]
Dave Korn wrote:
> Ben Hutchings wrote:
> > This security advisory explains a bug in some versions of Tcl, which
> > may affect Insight.
> >
> > Ben.
> >
> > readdir_r considered harmful
> > ============================
>
>
> Well, readdir_r is used in tcl/unix/tclUnixThrd.c as follows:
>
> --------------------------------snip--------------------------------
> typedef struct ThreadSpecificData {
> char nabuf[16];
> struct tm gtbuf;
> struct tm ltbuf;
> struct {
> Tcl_DirEntry ent;
> char name[PATH_MAX+1];
> } rdbuf;
> } ThreadSpecificData;
In some versions of Tcl (8.4.2 to 8.5a2 inclusive), the dimension of the
name field is MAXNAMLEN+1, not PATH_MAX+1.
<snip>
> I'm with Zaraza (sp?) on this one. What's wrong with statically sizing it
> to NAME_MAX+1, in accordance with the demands of the posix spec?
<snip>
NAME_MAX isn't required to be defined (and MAXNAMLEN isn't even
mentioned by POSIX, though it is equivalent on many systems). GNU/Hurd
doesn't define it, for example, because there is no practical limit on
name lengths there.
Ben.
--
Ben Hutchings
When you say `I wrote a program that crashed Windows', people just stare ...
and say `Hey, I got those with the system, *for free*'. - Linus Torvalds
Attachment:
signature.asc
Description: This is a digitally signed message part
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |