[ic] vlink MINIVEND_SOCKET patch
Jon Jensen
jon at endpoint.com
Thu Jun 25 16:18:18 UTC 2020
On Wed, 6 May 2020, Peter Ajamian wrote:
> On 6/05/20 5:30 am, Peter wrote:
>>>> Also, if strlen(lsocket) > sizeof(sa.sun_path), a truncated copy would
>>>> end up being bunko, since it won’t refer to an actual valid path; would
>>>> it be better to just check if strlen(lsocket) > sizeof(sa.sun_path) -1
>>>> and error out if so?
>>>
>>> Great point. No reason to proceed if the filename will be truncated.
>>
>> I agree, but I think we should do both, even though only one or the other
>> is needed to prevent a buffer overflow both just makes doubly safe, and I
>> tend to prefer to get rid of strcpy in favor of strncpy where I see it.
>
> This should patch both vlink.c and vlink.pl. I still haven't tested:
[snip]
Peter,
I just wanted to check in on your vlink.c and vlink.pl updates to respect
the MINIVEND_SOCKET environment variable.
Did you run into any snags? Will you be able to commit those changes to
Git soon?
Thanks,
Jon
--
Jon Jensen
End Point Corporation
https://www.endpoint.com/
More information about the interchange-users
mailing list