[PATCH] sock: clean up handling of ifr_name/ifr_newname

Dmitry V. Levin ldv at altlinux.org
Tue Oct 21 06:29:17 UTC 2014

On Sat, Oct 18, 2014 at 10:36:00PM -0400, Mike Frysinger wrote:
> The ifr name fields of the ifreq structure might not be NUL terminated.
> If the user makes an ioctl call where they aren't, then strace ends up
> reading random content from its own stack.
> Instead, let's create a local buffer of the exact right size (and NUL
> terminated), copy the user buffer into it, and then printf from that.
> +	/* The user might not NUL delim the field, so do it ourselves. */
> +	char name[IFNAMSIZ + 1];
> +	name[IFNAMSIZ] = '\0';
> +				memcpy(name, ifr.ifr_name, IFNAMSIZ);
> +				tprintf(", {ifr_name=\"%s\", ", name);

Do we really need a local buffer?
We already use precision modifiers in similar cases, so this parser
also could be fixed by using a precision modifier, e.g.

	tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);

P.S. I'm sorry for being slow with reviews, I'm on vacation,
will try to catch up during GSoC reunion.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20141021/3d214b90/attachment.bin>

More information about the Strace-devel mailing list