[ic] vlink MINIVEND_SOCKET patch
Peter
peter at pajamian.dhs.org
Tue May 5 17:30:11 UTC 2020
On 6/05/20 4:58 am, Jon Jensen wrote:
> On Tue, 5 May 2020, David Christensen wrote:
>
>>> + strncpy(sa.sun_path, lsocket, sizeof(sa.sun_path) - 1);
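Review bot: the strncpy() call truncates silently when lsocket is longer than sizeof(sa.sun_path) - 1, and it never writes the final byte of sun_path, so termination depends on sa having been zeroed earlier, which this line does not show. Compare strlen(lsocket) against sizeof(sa.sun_path) - 1 and error out before the copy, and make sure sa is cleared (for example with memset) before this call.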
>>
>> A couple of questions: is the sa struct guaranteed to be zero’d, so we
>> don’t need to worry about a NULL terminator (i.e., why there’s a -1 in
>> sizeof call)?
>
> Using 1 byte smaller than sizeof, strncpy() guarantees null termination,
> because it clears the rest of the buffer, so it will have at least one
> null at the end.
Exactly, and I took the code almost verbatim from unix(7):
http://man7.org/linux/man-pages/man7/unix.7.html
>> Also, if strlen(lsocket) > sizeof(sa.sun_path), a truncated copy would
>> end up being bunko, since it won’t refer to an actual valid path;
>> would it be better to just check if strlen(lsocket) >
>> sizeof(sa.sun_path) -1 and error out if so?
>
> Great point. No reason to proceed if the filename will be truncated.
I agree, but I think we should do both. Even though only one or the
other is needed to prevent a buffer overflow, both just makes doubly
safe, and I tend to prefer to get rid of strcpy in favor of strncpy
where I see it.
BTW I just stayed up nearly all night rewriting the spec file. I think
it will be nice to have some decent RPM packages to go along with the
5.12.0 release which I'm happy to host in GhettoForge. I'll be testing
tomorrow.
Peter
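The approach discussed in this thread (reject a socket path that would be truncated, then copy with a bounded strncpy into a zeroed struct), as an added example that is not part of the original message or of the vlink patch. The helper name fill_unix_addr and the sample paths are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (the name is not from the vlink source).
 * Prepares *sa for an AF_UNIX connect(). Returns 0 on success, or -1 with
 * errno set when the path is missing, empty, or too long to fit in
 * sun_path together with its terminating NUL. */
int fill_unix_addr(struct sockaddr_un *sa, const char *path)
{
    if (sa == NULL || path == NULL || path[0] == '\0') {
        errno = EINVAL;
        return -1;
    }

    /* Refuse instead of truncating: a shortened path names a different
     * (probably nonexistent) socket. */
    if (strlen(path) > sizeof(sa->sun_path) - 1) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* Zero the whole struct first so the last byte of sun_path, which the
     * bounded copy below never writes, is guaranteed to be NUL. */
    memset(sa, 0, sizeof(*sa));
    sa->sun_family = AF_UNIX;
    strncpy(sa->sun_path, path, sizeof(sa->sun_path) - 1);
    return 0;
}

int main(void)
{
    struct sockaddr_un sa;
    char too_long[sizeof(sa.sun_path) + 1];

    /* Constructed sample inputs: one path that fits, one that cannot. */
    memset(too_long, 'a', sizeof(too_long) - 1);
    too_long[sizeof(too_long) - 1] = '\0';

    printf("short path: %d\n", fill_unix_addr(&sa, "/tmp/example.sock"));
    printf("long path:  %d (%s)\n", fill_unix_addr(&sa, too_long),
           strerror(errno));
    return 0;
}
```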