> sure
> but make sense to remove bad examples in tree
What bad examples? I've done this audit before.
As far as I know, the endpwent()'s in the tree are all there because of
setpwent() or setpassent() is called; or because of getpwent()'s
instead of getpwnam()'s, and in situations where there i
sure
but make sense to remove bad examples in tree
On Wed, Jun 02, 2010 at 08:33:10AM -0600, Theo de Raadt wrote:
> > endpwent() here to close file descriptor opened by getpwnam(),
> > since that all work with the password database was done.
>
> But no file descriptor is open.
>
> setpassent() w
> endpwent() here to close file descriptor opened by getpwnam(),
> since that all work with the password database was done.
But no file descriptor is open.
setpassent() was never called to keep the fd open.
It's even explained in the manual page.
> Index: tftp-proxy.c
>
endpwent() here to close file descriptor opened by getpwnam(), since that all
work with the password database was done.
Index: tftp-proxy.c
===
RCS file: /cvs/src//libexec/tftp-proxy/tftp-proxy.c,v
retrieving revision 1.6
diff -u tftp
