This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Harden put*ent functions against data injection [BZ #18724]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Mike Frysinger <vapier at gentoo dot org>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Tue, 28 Jul 2015 14:30:31 +0200
- Subject: Re: [PATCH] Harden put*ent functions against data injection [BZ #18724]
- Authentication-results: sourceware.org; auth=none
- References: <55B64BE2 dot 9060905 at redhat dot com> <20150728031924 dot GB21252 at vapier>
On 07/28/2015 05:19 AM, Mike Frysinger wrote:
> On 27 Jul 2015 17:18, Florian Weimer wrote:
>> - int i;
>> -
>> - for (i = 0 ; gr->gr_mem[i] != NULL; i++)
>> + for (size_t i = 0 ; gr->gr_mem[i] != NULL; i++)
>
> if you're tweaking style(ish), should trim the space before the first ; too
Fixed.
Carlos, I also added the BZ# references to the test cases.
>> --- /dev/null
>> +++ b/grp/tst-putgrent.c
>>
>> + ++errors;
>> ...
>> + return errors > 0;
>
> is an error count really necessary ? just make it a bool.
â++errors;â is clearer to me than âerrors |= true;â. Other test suite
code uses the counter approach, too.
> <paranoid>don't want it to overflow</paranoid>
Can't really happen here. :)
>> +check (const char *what, _Bool expr)
>
> why not "bool" ?
It requires #include <stdbool.h>.
--
Florian Weimer / Red Hat Product Security