From: DJ Delorie <dj@redhat.com>
To: "Maciej W. Rozycki" <macro@mips.com>
Cc: schwab@suse.de, libc-alpha@sourceware.org
Subject: Re: [PATCH v2] nisplus: Correct pwent parsing issue and resulting compilation error [BZ #23266]
Date: Mon, 18 Jun 2018 19:44:00 -0000 [thread overview]
Message-ID: <xnlgbbnalq.fsf@greed.delorie.com> (raw)
In-Reply-To: <alpine.DEB.2.00.1806181657110.20622@tp.orcam.me.uk> (macro@mips.com)
"Maciej W. Rozycki" <macro@mips.com> writes:
> - if (len == 0 && numstr[len - 1] != '\0')
> + if (len == 0 || numstr[len - 1] != '\0')
I think this part of the patch(es) is good, but a second part might be
needed to avoid future problems[*]:
+ if (len > 0)
strncpy (first_unused, numstr, len);
It looks like that clause handles two cases (if not, ignore the rest of
this email ;)...
1. if we don't have a valid entry, create a zero-length temporary
entry.
2. If the entry is too long to be nul-terminated (or otherwise isn't
nul-terminated), create a temporary nul-terminated one.
The strncpy is only needed for the second case. Since we already know
the length, and are going to nul-terminate it ourselves anyway, a memcpy
would work just as well (but still need the above if-check), unless the
nis server is allowed to return an entry with an embedded nul, in which
case strncpy might prevent data leakage from whatever's after the nul.
I would consider that a different kind of bug, though, and we're calling
strtoul on the result anyway.
However, for the first case, we're always producing a string that causes
the following "if (numstr[0] == '\0')" test to be true, so the only real
purpose of going through all that code for zero-length strings is to
make sure the buffer has room for the trailing nul :-P (and we need the
test for other cases anyway).
I don't think that's worth changing the code for, though. Maybe a
comment clarifying why it's the way it is, if we care that much ;-)
[*] GCC's analyzer is getting, if not better, at least more agressive.
I expect the trend to continue.
next prev parent reply other threads:[~2018-06-18 19:44 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-18 15:10 [PATCH] nisplus: Correct pwent parsing issue and resulting compilation error Maciej W. Rozycki
2018-06-18 15:25 ` Joseph Myers
2018-06-18 15:45 ` Maciej W. Rozycki
2018-06-18 15:49 ` Joseph Myers
2018-06-18 15:41 ` Andreas Schwab
2018-06-18 16:13 ` [PATCH v2] nisplus: Correct pwent parsing issue and resulting compilation error [BZ #23266] Maciej W. Rozycki
2018-06-18 19:44 ` DJ Delorie [this message]
2018-06-18 20:11 ` Maciej W. Rozycki
2018-06-18 20:40 ` DJ Delorie
2018-06-25 19:17 ` [PING][PATCH " Maciej W. Rozycki
2018-06-26 1:32 ` DJ Delorie
2018-06-27 20:14 ` [committed v3] nisplus: Correct pwent parsing issue and resulting build " Maciej W. Rozycki
2018-06-27 21:03 ` Joseph Myers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xnlgbbnalq.fsf@greed.delorie.com \
--to=dj@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=macro@mips.com \
--cc=schwab@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).