[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] net: fix insecure temporary file creation in SL
|
From: |
P J P |
|
Subject: |
Re: [Qemu-devel] [PATCH] net: fix insecure temporary file creation in SLiRP |
|
Date: |
Tue, 2 Jun 2015 06:51:30 +0000 (UTC) |
Hello Markus,
> On Monday, 1 June 2015 1:28 PM, Markus Armbruster <address@hidden> wrote:
> Michael (cc'ed) already posted "[PATCH] slirp: use less predictable
> directory name in /tmp for smb config (CVE-2015-4037)"[*]. His patch
> clobbers s->smb_dir[] when mkdtemp() fails (missed that in my review),
> yours doesn't.
>
> Suggest you guys figure out together which solution you want.
Thank you so much for the review. IMO using separate smb_dir[] is prudent than
s->smb_dir.
> Preferably with strncpy() replaced by pstrcpy():
Yes.
Thank you.
---
Regards
-P J P
http://feedmug.com