On Thu, Sep 30, 2004 at 11:59:37AM -0400, John (J5) Palmieri wrote:
This is in reference to RH bug#133941. It is suggested I take this discussion to fedora-devel. What is keeping this patch out of FC3? I
Had a quick look. It contains an obvious missing null pointer check. Would
also need security review against pam_console and an explanation of why
it relies on pam_console innards (paths etc.).
Also snprintf doesn't need to be passed bufsize - 1, but just bufsize, from info libc:
The `snprintf' function is similar to `sprintf', except that the SIZE argument specifies the maximum number of characters to produce. The trailing null character is counted towards this limit, so you should allocate at least SIZE characters for the string S.
The moral: this looks like a really quick hack for a suid binary like mount!
Regards,
Hans
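
The size semantics quoted from info libc above, shown as an added example that is not part of the original message or of the patch under discussion. The helper names, the 8-byte buffer and the sample paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the patch): format "<dir>/<name>" into out.
 * Returns 0 on success, -1 on NULL input, output error or truncation. */
int build_path(char *out, size_t outsz, const char *dir, const char *name)
{
    if (out == NULL || outsz == 0 || dir == NULL || name == NULL)
        return -1;                       /* reject NULL inputs before formatting */

    /* Pass the full buffer size: snprintf counts the trailing NUL in it. */
    int n = snprintf(out, outsz, "%s/%s", dir, name);

    if (n < 0 || (size_t)n >= outsz) {   /* n is the length snprintf wanted */
        out[0] = '\0';                   /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Same call with the "bufsize - 1" habit, to show what it costs. */
int build_path_minus_one(char *out, size_t outsz, const char *dir, const char *name)
{
    if (out == NULL || outsz < 2 || dir == NULL || name == NULL)
        return -1;
    int n = snprintf(out, outsz - 1, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz - 1) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[8];   /* constructed sample: "/tmp/ab" is 7 chars + NUL = 8 bytes */
    printf("full size: %d \"%s\"\n", build_path(buf, sizeof buf, "/tmp", "ab"), buf);
    printf("size - 1 : %d \"%s\"\n", build_path_minus_one(buf, sizeof buf, "/tmp", "ab"), buf);
    printf("too long : %d \"%s\"\n", build_path(buf, sizeof buf, "/tmp", "abc"), buf);
    return 0;
}
```

Passing `bufsize - 1` is not unsafe, it just wastes the last byte; the check that matters in a setuid program is comparing the return value against the size so a truncated path is never used.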