This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] avoid buffer overflow in sunrpc clnt_create (BZ #22542)
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: Martin Sebor <msebor at gmail dot com>, Carlos O'Donell <carlos at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Sun, 3 Dec 2017 17:36:50 -0800
- Subject: Re: [PATCH] avoid buffer overflow in sunrpc clnt_create (BZ #22542)
- Authentication-results: sourceware.org; auth=none
- References: <f6a8c32f-f524-9ebb-03bc-4484f8a80a16@gmail.com>
struct sockaddr_un
{
__SOCKADDR_COMMON (sun_);
- char sun_path[108]; /* Path name. */
+ char sun_path[108]
+ __attribute_nonstring__; /* Path name. */
};
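Review bot: The comment on sun_path still reads only "Path name." after the + lines add __attribute_nonstring__. That attribute marks the array as one that may hold no terminating NUL, so a reader of the header can no longer tell which convention applies. Either extend the comment to state that the field need not be NUL-terminated, or drop the attribute if callers are meant to keep treating it as an ordinary string.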
This says "sun_path uses strncpy format", but....
+ if (strlen (hostname) >= sizeof sun.sun_path)
+ {
+ struct rpc_createerr *ce = &get_rpc_createerr ();
+ ce->cf_stat = RPC_UNKNOWNHOST;
+ ce->cf_error.re_errno = EINVAL;
+ return NULL;
+ }
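Review bot: The test `strlen (hostname) >= sizeof sun.sun_path` on the first + line scans all of hostname before comparing, although only the first sizeof sun.sun_path bytes can affect the result; a length scan bounded by sizeof sun.sun_path gives the same answer at fixed cost. The `>=` also rejects a name that fills the array exactly, which reserves a byte for the terminating NUL. A one-line comment saying so would make that intent explicit.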
... this says "sun_path uses ordinary string format", which isn't consistent.
I suggest that sun_path should use ordinary string format, since that's what
people expect. In other words, do not add __attribute_nonstring__ or change
clntunix_create, but instead just add the strlen check to clnt_create.
You might also consider using "__strnlen (hostname, sizeof sun.sun_path)"
instead of "strlen (hostname)" to avoid bad asymptotic behavior if HOSTNAME is long.
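
Added example, not part of the original message or of the glibc patch: a stand-alone sketch of the check discussed above, treating sun_path as an ordinary NUL-terminated string and bounding the length scan with strnlen. The helper name fill_sockaddr_un is hypothetical, and it sets errno directly instead of filling in an rpc_createerr.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strnlen */
#endif
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not a glibc function): fill SUN from PATH,
   treating sun_path as an ordinary NUL-terminated string.
   Returns 0 on success, or -1 with errno set to EINVAL if PATH plus
   its terminating NUL does not fit in sun_path.  */
int
fill_sockaddr_un (struct sockaddr_un *sun, const char *path)
{
  /* Bounded scan: strnlen never looks past sizeof sun_path bytes, so
     the cost is fixed however long PATH is.  A result equal to the
     bound means no NUL was found within the array's size.  */
  size_t len = strnlen (path, sizeof sun->sun_path);
  if (len >= sizeof sun->sun_path)
    {
      errno = EINVAL;
      return -1;
    }

  memset (sun, 0, sizeof *sun);
  sun->sun_family = AF_UNIX;
  /* len + 1 <= sizeof sun_path, so the NUL is copied as well.  */
  memcpy (sun->sun_path, path, len + 1);
  return 0;
}
```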