[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v1] tools: fix usage of strncpy


  • To: Olaf Hering <olaf@xxxxxxxxx>
  • From: Ian Jackson <ian.jackson@xxxxxxxxxx>
  • Date: Mon, 8 Jun 2020 12:01:26 +0100
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Mon, 08 Jun 2020 11:01:37 +0000
  • Ironport-sdr: ifZbNR964yFrd7XAuIQluGtMgKvTWqNSB6993Gum/pgPe7Uqc5oGoLM63y3R2eYbYKREFstAcN s2I80MPcNDuLLq1L/kMn8POoPpZcOGlcMvde1YPmzO6c5WE/c3kqNBKzbxrFdQTJJ07UAx3mAM INOXYv094s+VMqk6Jr6XXxGiYjQ96UcAPBDioLW2Rh+5MEgG3BAPVl8JqOlRTidhH2IwVDovMV 75AadluaD+5MCyPfBB9iUH3IynthP2IPjD1osyCBR8h/ehweAYTZVcocdAXffa4RVUqz30rTn1 Sk4=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Olaf Hering writes ("Re: [PATCH v1] tools: fix usage of strncpy"):
> Am Mon,  8 Jun 2020 09:28:54 +0200
> schrieb Olaf Hering <olaf@xxxxxxxxx>:
> > off-by-one error in libxl__prepare_sockaddr_un
> 
> There is none, I had read the code backwards...

I have just had the same thoughts but in the opposite order.  That is
at first I thought this was not a problem, but now I think there is.

There are some kernel interfaces where a fixed-size buffer is
provided, and the kernel will tolerate a null-terminated string, but
will in any case not read beyond the end of the buffer.  Anything
involving IFNAMSIZ comes to mind.

But I think sun_path is not one of those.  The manpage I have here
says that to be portable you must null-terminate sun_path.  I know
that there are some implementations where it is possible to pass a
longer path, effectively treating sun_path as a trailing vla.

Looking at your diff, its effect seems to be to ensure
null-termination by truncating overlong paths.

I think the right approach is to return an error, not to silently
truncate.

Ian.



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.