LCDproc development and user support list

Text archives Help


[Lcdproc] config_get_string


Chronological Thread 
  • From: reenoo AT gmx.de (Rene Wagner)
  • Subject: [Lcdproc] config_get_string
  • Date: Mon Dec 3 20:17:01 2001

"David GLAUDE Mailing"
<dglaudemailing AT gmx.net>
wrote:
> From: "Joris Robijn"
> <joris AT robijn.net>
>
> > > BTW: Is a strcpy OK?
> >
> > Jep. The config stuff accepts up to 200 chars currently and should
> > always be terminated correctly. You may need to check if the string
> > is not too long for you, or use strncpy and set the last char to \0.
> >
> > But hey, even if you don't, it's only a driver. You can hardly
> > exploit anything here.
>
> Not so sure...
> Someone with local access and a way to modify the config file could
> trigger the problem. So maybe a local exploit is possible.

Yes, possible ;)
So shouldn't configfile.c check that already?
I mean, a device file of let's say 100 chars wouldn't be that normal ;)
Have you already done that, Joris?

>
> > > In another version I've changed the whole way my driver handles data
> > > (private_data struct), so I will have to modify that version, too, in
>
> order
>
> > > to commit it.
> > > I'll probably do so tomorrow ;)
> >
> > Can you not let CVS merge the changes ? First (update and) commit
> > first one, then (update and) commit second one ? I've used that
> > once...
>
> Or you create a diff between your version and the last original one you
> used.
> Then you update and try to apply you patch.
> If it get rejected, try manualy.

Don't worry about me ;)
I just wanted to check again what I've done.
Obviously (see the segfault thing) you can't check your code often enough ;)

Rene




Archive powered by MHonArc 2.6.18.

Top of page