This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] avoid buffer overflow in sunrpc clnt_create (BZ #22542)

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: Martin Sebor <msebor at gmail dot com>, Carlos O'Donell <carlos at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
Date: Sun, 3 Dec 2017 17:36:50 -0800
Subject: Re: [PATCH] avoid buffer overflow in sunrpc clnt_create (BZ #22542)
Authentication-results: sourceware.org; auth=none
References: <f6a8c32f-f524-9ebb-03bc-4484f8a80a16@gmail.com>

 struct sockaddr_un
   {
     __SOCKADDR_COMMON (sun_);
-    char sun_path[108];		/* Path name.  */
+    char sun_path[108]
+      __attribute_nonstring__;	/* Path name.  */
   };


This says "sun_path uses strncpy format", but....

+      if (strlen (hostname) >= sizeof sun.sun_path)
+	{
+	  struct rpc_createerr *ce = &get_rpc_createerr ();
+	  ce->cf_stat = RPC_UNKNOWNHOST;
+	  ce->cf_error.re_errno = EINVAL;
+	  return NULL;
+	}


... this says "sun_path uses ordinary string format", which isn't consistent.

I suggest that sun_path should use ordinary string format, since that's whatpeople expect. In other words, do not add __attribute_nonstring__ or changeclntunix_create, but instead just add the strlen check to clnt_create.

You might also consider using "__strnlen (hostname, sizeof sun.sun_path)"instead of "strlen (hostname)" to avoid bad asymptotic behavior if HOSTNAME is long.

Follow-Ups:
- Re: [PATCH] avoid buffer overflow in sunrpc clnt_create (BZ #22542)
  - From: Dmitry V. Levin

References:
- [PATCH] avoid buffer overflow in sunrpc clnt_create (BZ #22542)
  - From: Martin Sebor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]