Pavel Tsekov wrote:
BUGS
       The glibc 2.3.2 implementation of this function is broken: it
       overwrites memory when the actual number of groups  is  larger
       than *ngroups.

As this is clearly a buffer overflow, we should not use the function at all and document this somewhere. Maybe like that:

#if 0
/* the glibc implementation of getgrouplist(3) has a
 * buffer overflow vulnerability, so we cannot use this function */
...
#endif

Roland
_______________________________________________
Mc-devel mailing list
http://mail.gnome.org/mailman/listinfo/mc-devel
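
The contract that the quoted BUGS note says glibc 2.3.2 violates, shown as an added example that is not part of the original message or of mc's code. The hypothetical helper `bounded_grouplist` reports the required count in `*ngroups` and returns -1 without ever storing past the caller's capacity. It runs over a constructed in-memory group table (`SAMPLE_DB`, with invented users and gids) rather than the system group database.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample data standing in for the group database (invented). */
struct grp_entry { const char *name; gid_t gid; const char *members[4]; };
static const struct grp_entry SAMPLE_DB[] = {
    { "wheel", 10,  { "alice", "bob", NULL } },
    { "audio", 29,  { "alice", NULL } },
    { "video", 44,  { "bob",   NULL } },
    { "devel", 100, { "alice", "bob", NULL } },
};
#define SAMPLE_DB_LEN (sizeof SAMPLE_DB / sizeof SAMPLE_DB[0])

/* Hypothetical helper following the documented getgrouplist(3) contract:
 * returns the group count, or -1 with *ngroups set to the required size.
 * Every store is checked against the capacity the caller passed in. */
int bounded_grouplist(const struct grp_entry *db, size_t ndb,
                      const char *user, gid_t primary,
                      gid_t *groups, int *ngroups)
{
    int cap = (*ngroups > 0) ? *ngroups : 0;
    int found = 0;

    if (found < cap) groups[found] = primary;    /* primary gid goes first */
    found++;
    for (size_t i = 0; i < ndb; i++) {
        if (db[i].gid == primary) continue;      /* already counted */
        for (size_t m = 0; m < 4 && db[i].members[m]; m++) {
            if (strcmp(db[i].members[m], user) != 0) continue;
            if (found < cap) groups[found] = db[i].gid; /* never past cap */
            found++;                             /* keep counting the need */
            break;
        }
    }
    *ngroups = found;
    return (found <= cap) ? found : -1;
}

int main(void)
{
    gid_t buf[2];
    int n = 2;   /* too small for "alice": primary + 3 supplementary */
    int rc = bounded_grouplist(SAMPLE_DB, SAMPLE_DB_LEN, "alice", 500, buf, &n);
    printf("rc=%d needed=%d\n", rc, n);          /* caller resizes and retries */
    return 0;
}
```
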
