Re: nonstrings in Glibc

["Dmitry V. Levin" <ldv at altlinux dot org>]

On Tue, Nov 21, 2017 at 04:41:27PM -0700, Martin Sebor wrote:
> On 11/20/2017 11:20 AM, Carlos O'Donell wrote:
> > On 11/20/2017 08:54 AM, Martin Sebor wrote:
> >> I'm done testing my update to the -Wstringop-truncation GCC patch
> >> to find misuses of non-string arrays.  With the very limited use
> >> of attribute nonstring it only found one potential bug (22447).
> >> I've been looking at other uses of strncpy in Glibc to see if there
> >> are other arrays that would benefit from the attribute.  I'm not
> >> sufficiently familiar with Glibc data structures so it's a very
> >> slow going.  Could someone help suggests data structures with
> >> array members that might be candidates?
> >
> > struct sockaddr's sun_path?
> >
> > http://thread.gmane.org/gmane.comp.standards.posix.austin.general/5735
> >
> > Is that what you need help finding?
> 
> Yes, that's what I'm looking for, thanks!
> 
>  From the referenced thread it sounds like POSIX doesn't require
> sun_path to be nul-terminated and BSD UNIX doesn't terminate it.
> But I'm not sure what happens on Linux.  According to Michael
> Kerrisk's response it sounds like it is nul-terminated, but
> then according to the longer discussion on linux.kernel.api
> it sounds like it isn't.  Which is it?

When struct sockaddr_un is passed to linux kernel, the kernel doesn't
treat sun_path as nul-terminated, see net/unix/af_unix.c:unix_mkname
for implementation details.

However, when linux kernel returns struct sockaddr_un, sun_path is
nul-terminated if there is enough room provided by userspace, e.g.
it may need sizeof(struct sockaddr_un) + 1 bytes to write that NUL
beyond struct sockaddr_un.sun_path.

strace test suite contains a test (sun_path.test) for this linux kernel
behavior.


-- 
ldv

Attachment: signature.asc
Description: PGP signature