Re: strcat()->strncat() safety changes (ITS#518)
> Full_Name: Nalin Dahyabhai
> Version: 1.2.10
> OS: Linux 2.2.14
> URL: http://people.redhat.com/nalin/patches/openldap-1.2.9-strings.patch
> Submission from: (NULL) (18.104.22.168)
> While fixing a misconfigured set of defaults for a security errata, we took a
> at some of the string-handling code. A number of locations in the OpenLDAP
> use strcat() on fixed-size buffers. We changed the more obvious places where
> was happening to use strncat() instead. Please feel free to review the changes
> include them in subsequent releases if you find them useful.
I looked at some of this patch file. It is notable at the top that
you have a RedHat copyright -- I don't know if it would make it incompatible
for contribution back to the OpenLDAP codebase, but it seems for minor changes
like those that such a copyright is unfounded.
Also, a number of those changes are unnecessary, and just add extra code.
For example, when you start with a 255 char buffer, and you are squeezing
extra spaces out, by definition you are not going to overrun that buffer.
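An added illustration of the two cases discussed in this thread, written for this page and not taken from the submitted patch or from the OpenLDAP source: in-place space squeezing cannot grow the string, so no bounds check is needed, whereas appending to a fixed-size buffer does need one, and the commonly misused `strncat(dst, src, sizeof dst)` form is not it, because strncat's third argument is the number of characters to append, not the destination size. The buffer size, the `squeeze_spaces` and `append_bounded` helpers and the sample DN-like string are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUFSZ 255   /* assumed fixed buffer size, as in the thread */

/* Constructed sample input (not from OpenLDAP): runs of spaces to squeeze. */
static const char SAMPLE[] = "cn=foo   bar,  ou=people";

/* Collapse runs of spaces into one space, in place.
 * The write cursor never passes the read cursor, so the result is never
 * longer than the input; a string that fit the buffer still fits.
 * Returns the new length. */
size_t squeeze_spaces(char *s)
{
    char *out = s;
    const char *in = s;
    int prev_space = 0;
    for (; *in; in++) {
        if (*in == ' ') {
            if (prev_space)
                continue;
            prev_space = 1;
        } else {
            prev_space = 0;
        }
        *out++ = *in;
    }
    *out = '\0';
    return (size_t)(out - s);
}

/* Bounded append onto a fixed-size buffer of dstsz bytes.
 * strncat(dst, src, n) appends at most n characters and then always writes
 * a NUL, so n must be the remaining room minus one, not sizeof dst.
 * Returns 0 if src was appended whole, -1 if it was truncated or dst was
 * not NUL-terminated within dstsz. */
int append_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *nul = memchr(dst, '\0', dstsz);
    if (nul == NULL)
        return -1;                          /* unterminated dst: refuse */
    size_t used = (size_t)(nul - dst);
    size_t room = dstsz - used - 1;         /* characters, leaving the NUL */
    size_t need = strlen(src);
    strncat(dst, src, room);                /* writes at most room + 1 bytes */
    return need <= room ? 0 : -1;
}

/* Squeeze SAMPLE inside a BUFSZ buffer; returns the new length, or
 * (size_t)-1 if the content is not what we expect. */
size_t demo_squeeze(void)
{
    char buf[BUFSZ];
    strcpy(buf, SAMPLE);                    /* sizeof SAMPLE < BUFSZ */
    size_t n = squeeze_spaces(buf);
    return strcmp(buf, "cn=foo bar, ou=people") == 0 ? n : (size_t)-1;
}

/* Append into a deliberately small buffer: the first append fits, the
 * second is truncated and reported, and the terminator is always present.
 * Returns 1 if every invariant held. */
int demo_append(void)
{
    char small[8] = "ab";
    int rc1 = append_bounded(small, sizeof small, "cd");      /* -> "abcd" */
    int rc2 = append_bounded(small, sizeof small, "efghij");  /* -> "abcdefg", truncated */
    return rc1 == 0 && rc2 == -1 && strlen(small) == 7 &&
           strcmp(small, "abcdefg") == 0;
}

int main(void)
{
    printf("squeezed length: %zu\n", demo_squeeze());
    printf("bounded append invariants hold: %d\n", demo_append());
    return 0;
}
```

The takeaway for reviewing a strcat-to-strncat patch: each call site needs the remaining room computed from the actual buffer size and current length, and callers should notice when the return value reports truncation, since a silently truncated DN or filter is its own class of bug.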