On Mon, Aug 18, 2014 at 2:40 PM, Laszlo Papp <lp...@kde.org> wrote: > On Mon, Aug 18, 2014 at 2:37 PM, Denys Vlasenko <vda.li...@googlemail.com> > wrote: > >> On Mon, Aug 18, 2014 at 3:17 PM, Laszlo Papp <lp...@kde.org> wrote: >> >> > Denys, this fix was sent two weeks ago? Why have you not applied it >> >> > until >> >> > there is a better fix (if any)? This is still broken and results a >> >> > system >> >> > with potential stray users around. >> >> >> >> I'm having bad feelings about the fix along the lines of >> >> >> >> -#define PWD_BUFFER_SIZE 256 >> >> -#define GRP_BUFFER_SIZE 256 >> >> +#define PWD_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 >> >> +#define GRP_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 >> >> >> >> I fear that people (situations) strange enough to use names as long as >> >> >> >> >> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff >> >> can easily use names thrice as long. >> > >> > >> > I do not follow. It is also completely inline with the desktop practice >> that >> > has existed for several decades now... >> > >> >> >> >> From the API perspective, xmalloc_getpwnam(username) would be ideal. >> >> But it would require significant rework. >> > >> > >> > Exactly my point. I would be unhappy to keep patching my busybox locally >> > just because stray users can stay around on my system with the latest >> > busybox. My stance is usually applying changes that fix issues until >> there >> > are better approaches. Currently, I am not funded by anyone to work on >> this >> > "nice design" in full-time and I did provide a quick fix for the issue >> at >> > hand. >> >> How sure are you that a buffer of 3*256 is big enough? >> > > It is big enough for the passwd file itself. The group file is another > issue... (luckily not affecting us). >
For the group issue, I do not see any other OK solution than reallocating, but even that will have some upper limit of course unless you want to make the system potentially crash by exhausting the complete memory.
_______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
