[PATCH] sock: clean up handling of ifr_name/ifr_newname
Dmitry V. Levin
ldv at altlinux.org
Tue Oct 21 06:29:17 UTC 2014
On Sat, Oct 18, 2014 at 10:36:00PM -0400, Mike Frysinger wrote:
> The ifr name fields of the ifreq structure might not be NUL terminated.
> If the user makes an ioctl call where they aren't, then strace ends up
> reading random content from its own stack.
>
> Instead, let's create a local buffer of the exact right size (and NUL
> terminated), copy the user buffer into it, and then printf from that.
[...]
> + /* The user might not NUL delim the field, so do it ourselves. */
> + char name[IFNAMSIZ + 1];
> + name[IFNAMSIZ] = '\0';
[...]
> + memcpy(name, ifr.ifr_name, IFNAMSIZ);
> + tprintf(", {ifr_name=\"%s\", ", name);
Do we really need a local buffer?
We already use precision modifiers in similar cases, so this parser
also could be fixed by using a precision modifier, e.g.
tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);
P.S. I'm sorry for being slow with reviews, I'm on vacation,
will try to catch up during GSoC reunion.
--
ldv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20141021/3d214b90/attachment.bin>
More information about the Strace-devel
mailing list