[461] in bugtraq
Re: 8lgm's SCO "at" hole
daemon@ATHENA.MIT.EDU (Casper Dik)
Sun Dec 11 09:17:02 1994
To: John Nemeth <jnemeth@cue.bc.ca>
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Sat, 10 Dec 1994 17:23:52 PST."
<199412110123.RAA24934@cue.bc.ca>
Date: Sun, 11 Dec 1994 14:15:47 +0100
From: Casper Dik <casper@fwi.uva.nl>
>On Dec 10, 2:22pm, Casper Dik wrote:
>} Subject: Re: 8lgm's SCO "at" hole
>}
>} Getwd() is to getcwd() what gets() is to fgets() [ well, almost ].
>}
>} When choosing between: getwd(char *buf) and getcwd(char *buf, size_t
>} size_of_buf) the choice should be obvious.
>
> I would have to disagree. fgets() can return any amount of data
>(potentially GB if connected to a socket or very large file); whereas,
>getwd() won't return anything bigger than MAXPATHLEN, so buf can be
>sized appropriately.

Almost true, and definitely true for binaries that ship with the system.

But let's pick a nit:

What happens when some future version of Unix increases the MAXPATHLEN
manifest constant?

Your application has it compiled in as 1024 (current standard value),
but the getwd() routine can return a longer pathname in future.

getcwd() will never have such a problem.

But agreed, getwd() is currently not a problem. Getcwd is the preferred
interface anyway (on modern systems :-)

I've only seen something like this break once, bonus points for who
can tell why the following is wrong:

    select(getdtablesize(), &readfds, &writefds, &exceptfds, &timeout);

Casper
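
The getwd()/getcwd() point discussed above, as an added example that is not part of the original message: because getcwd() is told the buffer size at run time, a caller can grow the buffer on ERANGE instead of trusting a compiled-in MAXPATHLEN. The helper names `cwd_alloc` and `short_buffer_is_rejected` are hypothetical, and a POSIX system is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: malloc'd current directory, or NULL. Caller frees. */
char *cwd_alloc(void)
{
    size_t size = 16;                  /* deliberately small first guess */
    char *buf = NULL;
    for (;;) {
        char *tmp = realloc(buf, size);
        if (tmp == NULL) {
            free(buf);
            return NULL;
        }
        buf = tmp;
        if (getcwd(buf, size) != NULL)
            return buf;                /* fitted, NUL-terminated */
        if (errno != ERANGE) {         /* real failure, e.g. EACCES */
            free(buf);
            return NULL;
        }
        size *= 2;                     /* ERANGE: path longer than size */
    }
}

/* Returns 1 if getcwd() refuses a 1-byte buffer with ERANGE and leaves
 * the bytes after it untouched (even "/" needs 2 bytes with its NUL). */
int short_buffer_is_rejected(void)
{
    struct { char buf[1]; char guard[8]; } s;
    memset(&s, 0x5a, sizeof s);
    if (getcwd(s.buf, sizeof s.buf) != NULL || errno != ERANGE)
        return 0;
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5a)
            return 0;
    return 1;
}

int main(void)
{
    char *cwd = cwd_alloc();
    printf("%s (1-byte buffer rejected: %d)\n",
           cwd ? cwd : "(error)", short_buffer_is_rejected());
    free(cwd);
    return 0;
}
```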