This is the mail archive of the insight@sourceware.org mailing list for the Insight project.
[I'm not subscribed to the mailing list, so please continue to cc
replies to me.]

Dave Korn wrote:
> Ben Hutchings wrote:
> > This security advisory explains a bug in some versions of Tcl, which
> > may affect Insight.
> >
> > Ben.
> >
> > readdir_r considered harmful
> > ============================
> >
> Well, readdir_r is used in tcl/unix/tclUnixThrd.c as follows:
>
> --------------------------------snip--------------------------------
> typedef struct ThreadSpecificData {
>     char nabuf[16];
>     struct tm gtbuf;
>     struct tm ltbuf;
>     struct {
>         Tcl_DirEntry ent;
>         char name[PATH_MAX+1];
>     } rdbuf;
> } ThreadSpecificData;

In some versions of Tcl (8.4.2 to 8.5a2 inclusive), the dimension of
the name field is MAXNAMLEN+1, not PATH_MAX+1.

<snip>
> I'm with Zaraza (sp?) on this one. What's wrong with statically sizing it
> to NAME_MAX+1, in accordance with the demands of the posix spec?
<snip>

NAME_MAX isn't required to be defined (and MAXNAMLEN isn't even
mentioned by POSIX, though it is equivalent on many systems). GNU/Hurd
doesn't define it, for example, because there is no practical limit on
name lengths there.

Ben.

-- 
Ben Hutchings
When you say `I wrote a program that crashed Windows', people just stare ...
and say `Hey, I got those with the system, *for free*'. - Linus Torvalds
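
An added illustration of the buffer-sizing point in this message (not code from the message, the advisory, or Tcl): because a compile-time NAME_MAX may be absent, the sketch below asks the file system behind the open directory for its name-length limit at run time and reports when no fixed-size buffer can be trusted. The function names `dirent_size_for`, `dirent_buf_size` and `fixed_buffer_is_enough` are hypothetical, and the current directory is used as constructed sample input.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for dirfd() */
#endif
#include <dirent.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Bytes a struct dirent needs to hold a name of up to name_max bytes plus
 * the terminating NUL. Returns 0 when name_max is negative (unknown). */
size_t dirent_size_for(long name_max)
{
    size_t need;

    if (name_max < 0)
        return 0;
    need = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    return need < sizeof(struct dirent) ? sizeof(struct dirent) : need;
}

/* Ask the file system behind the open directory for its limit at run time.
 * fpathconf() returns -1 both on error and when there is no limit; in either
 * case no fixed-size buffer is known to be safe, so report 0. */
size_t dirent_buf_size(DIR *dirp)
{
    return dirent_size_for(fpathconf(dirfd(dirp), _PC_NAME_MAX));
}

/* Would a compile-time buffer of `fixed` bytes be large enough here? */
int fixed_buffer_is_enough(DIR *dirp, size_t fixed)
{
    size_t need = dirent_buf_size(dirp);
    return need != 0 && fixed >= need;
}

int main(void)
{
    DIR *dirp = opendir(".");   /* constructed sample input: current directory */
    if (dirp == NULL) {
        perror("opendir");
        return 1;
    }
    printf("required: %zu bytes, sizeof(struct dirent): %zu bytes\n",
           dirent_buf_size(dirp), sizeof(struct dirent));
    closedir(dirp);
    return 0;
}
```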