This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: gamin-0.1.7
- From: Lapo Luchini <lapo dot luchini at gmail dot com>
- To: Dave <kilroyd at googlemail dot com>
- Cc: cygwin-apps at cygwin dot com, Alessandro Premoli <a dot premoli at andxor dot it>
- Date: Wed, 15 Feb 2006 16:09:16 +0100
- Subject: Re: gamin-0.1.7
- References: <43D804B8.5010707@lapo.it> <20060125233034.GB19455@trixie.casa.cgf.cx> <43D81994.8020403@users.sourceforge.net> <43D8FDA4.2010409@lapo.it> <43D9426E.3080106@users.sourceforge.net> <43D955BF.8090102@users.sourceforge.net> <43DE244C.2030402@lapo.it> <43DEB2E4.2020106@users.sourceforge.net> <Pine.GSO.4.63.0601302011170.2628@access1.cims.nyu.edu> <43DECBA1.1030508@users.sourceforge.net> <43DF2F7F.7050203@lapo.it> <43E16CE2.9090307@users.sourceforge.net> <43F0A57A.5020505@lapo.it> <43F2291C.2030905@gmail.com>
Dave wrote:
>>> if (strcmp(fsname, "FAT") == 0)
>> Had to change this to a strncmp(, , 3), but otherwise works perfectly.
> Seeing this and the messages about string vulnerabilities that are
> floating around, I thought I'd have a closer look at the function.

I didn't mean that I was forced to use strncmp instead of strcmp because
it was not secure, but that it simply wouldn't work otherwise: fsname
contains "FAT32" on a FAT32 drive, so a strcmp with "FAT" would fail,
and rightly so.
Limiting to the first 3 chars allows matching any "FAT*", which is indeed
the right thing to do, IMHO (I don't think any member of the "FAT"
family has different features regarding permissions).

> Turns out the code is fine. However note that this will only work on
> 2000/XP and greater. GetVolumePathName is only available when
> _WIN32_WINNT>=0x500

Mhh, I know pretty much nothing about Win32 programming (that's why I
love Cygwin in the first place ^_^), I just copied that code by Yaakov
(and him, in turn, from Corinna AFAIR).

Lapo
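
The difference between the two comparisons discussed in this message, as an added example that is not part of the original post or of the gamin/Cygwin code: the helper names and the list of filesystem name strings are constructed for illustration, and `fsname` is assumed to be a NUL-terminated string.

```c
#include <stdio.h>
#include <string.h>

/* Exact comparison, as in the quoted line: true only for the literal "FAT". */
static int is_fat_exact(const char *fsname)
{
    return fsname != NULL && strcmp(fsname, "FAT") == 0;
}

/* Comparison limited to the first 3 characters, as in the reply:
 * true for any name that starts with "FAT". Both arguments are
 * NUL-terminated, so a shorter name such as "FA" stops at its
 * terminator and simply fails to match. */
static int is_fat_prefix(const char *fsname)
{
    return fsname != NULL && strncmp(fsname, "FAT", 3) == 0;
}

int main(void)
{
    /* Constructed sample values for fsname (not taken from the post,
     * apart from "FAT" and "FAT32"). */
    const char *samples[] = { "FAT", "FAT32", "NTFS", "exFAT", "FA", "" };
    size_t i;

    printf("%-8s %-6s %-6s\n", "fsname", "exact", "prefix");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-8s %-6s %-6s\n",
               samples[i][0] ? samples[i] : "(empty)",
               is_fat_exact(samples[i]) ? "match" : "-",
               is_fat_prefix(samples[i]) ? "match" : "-");
    }
    return 0;
}
```

The prefix check accepts every name beginning with "FAT" and nothing else, so a name such as "exFAT" is not matched by either form.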