Use of atoll() for CVE-2011-2522

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jul 28 06:49:13 MDT 2011


On Thu, Jul 28, 2011 at 08:41:55AM -0400, simo wrote:
> > The patch for CVE-2011-2522 uses atoll():
> >         ...
> > +       if (sizeof(time_t) == sizeof(int)) {
> > +               xsrf_time = atoi(time_str);
> > +       } else if (sizeof(time_t) == sizeof(long)) {
> > +               xsrf_time = atol(time_str);
> > +       } else if (sizeof(time_t) == sizeof(long long)) {
> > +               xsrf_time = atoll(time_str);
> > +       }
> >         ...
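
Review bot: the sizeof(time_t) chain has no final else, so on a platform where time_t matches none of int, long or long long, these lines never assign xsrf_time; add an else branch that rejects the token. Separately, atoi(), atol() and atoll() report no conversion errors, so a non-numeric or out-of-range time_str cannot be told apart from a valid timestamp. A single strtol() call with an end-pointer and errno check, followed by a range check before the assignment to xsrf_time, would reject malformed input. It would also remove the dependency on atoll() raised below, since strtol() is C89.
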
> > 
> > HP-UX 11.00/PA, 11.11/PA, and 11.23/PA do not provide this function. I
> > think it is specific to C99. Does Samba now require a C99-compliant
> > system to compile?
> 
> Basically, yes, we decided C99 is the baseline a few years ago, after
> all we are in 2011, 12 years seem enough to get C99 standards adopted.

True. But where it's easy to work around old compilers we
should do so. IMHO. There seem to be some compilers/libs
that have partial C99 support.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen

