This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Fix nscd readlink argument aliasing (bug 22446)


On 12/18/2017 10:44 AM, Joseph Myers wrote:
> Current GCC mainline detects that nscd calls readlink with the same
> buffer for both input and output, which is not valid (those arguments
> are both restrict-qualified in POSIX).  This patch makes it use a
> separate buffer for readlink's input (with a size that is sufficient
> to avoid truncation, so there should be no problems with warnings
> about possible truncation, though not strictly minimal, but much
> smaller than the buffer for output) to avoid this problem.
> 
> Tested compilation for aarch64-linux-gnu with build-many-glibcs.py.
> 
> 2017-12-18  Joseph Myers  <joseph@codesourcery.com>
> 
> 	[BZ #22446]
> 	* nscd/connections.c (handle_request) [SO_PEERCRED]: Use separate
> 	buffers for readlink input and output.

LGTM.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> diff --git a/nscd/connections.c b/nscd/connections.c
> index cc1ed72..dab722d 100644
> --- a/nscd/connections.c
> +++ b/nscd/connections.c
> @@ -1077,14 +1077,15 @@ cannot handle old request version %d; current version is %d"),
>        if (debug_level > 0)
>  	{
>  #ifdef SO_PEERCRED
> +	  char pbuf[sizeof ("/proc//exe") + 3 * sizeof (long int)];
>  # ifdef PATH_MAX
>  	  char buf[PATH_MAX];
>  # else
>  	  char buf[4096];
>  # endif
>  
> -	  snprintf (buf, sizeof (buf), "/proc/%ld/exe", (long int) pid);
> -	  ssize_t n = readlink (buf, buf, sizeof (buf) - 1);
> +	  snprintf (pbuf, sizeof (pbuf), "/proc/%ld/exe", (long int) pid);
> +	  ssize_t n = readlink (pbuf, buf, sizeof (buf) - 1);
>  
>  	  if (n <= 0)
>  	    dbg_log (_("\
> 


-- 
Cheers,
Carlos.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]