[PATCH] sock: clean up handling of ifr_name/ifr_newname

Mike Frysinger vapier at gentoo.org
Tue Oct 21 12:30:24 UTC 2014


On 21 Oct 2014 10:29, Dmitry V. Levin wrote:
> On Sat, Oct 18, 2014 at 10:36:00PM -0400, Mike Frysinger wrote:
> > The ifr name fields of the ifreq structure might not be NUL terminated.
> > If the user makes an ioctl call where they aren't, then strace ends up
> > reading random content from its own stack.
> > 
> > Instead, let's create a local buffer of the exact right size (and NUL
> > terminated), copy the user buffer into it, and then printf from that.
> [...]
> > +	/* The user might not NUL delim the field, so do it ourselves. */
> > +	char name[IFNAMSIZ + 1];
> > +	name[IFNAMSIZ] = '\0';
> [...]
> > +				memcpy(name, ifr.ifr_name, IFNAMSIZ);
> > +				tprintf(", {ifr_name=\"%s\", ", name);
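Review bot: the `name[IFNAMSIZ] = '\0'` terminator together with a `memcpy` of exactly IFNAMSIZ bytes does bound the read correctly, but the same bound can be expressed in the format string without the extra buffer: `tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);` prints at most IFNAMSIZ bytes and stops earlier at the first NUL, so the `name` declaration, the terminator store and the `memcpy` can all go. If the buffer is kept, the comment should say that the terminator is written once and the buffer is reused for every field copied into it, since that is the invariant later `memcpy` calls rely on.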
> 
> Do we really need a local buffer?
> We already use precision modifiers in similar cases, so this parser
> also could be fixed by using a precision modifier, e.g.
> 
> 	tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);

I had tried that originally, but I forgot to use the "." :x
-mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.strace.io/pipermail/strace-devel/attachments/20141021/0ad97350/attachment.bin>
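Both fixes discussed in the thread, written out as an added example (this is not strace code, and the helper names `fmt_name_copy`, `fmt_name_precision` and `name_visible_len` are invented here): the local NUL-terminated buffer from the posted patch, and the `%.*s` precision modifier Dmitry suggested. The sample fields are constructed; the second one uses all IFNAMSIZ bytes with no terminator, which is exactly the input that makes a plain `%s` read past the field.

```c
/* Added example (not strace code): printing a fixed-width, possibly
 * non-NUL-terminated name field without reading past it.  IFNAMSIZ is
 * the Linux value; the helpers and sample buffers are constructed here. */
#include <stdio.h>
#include <string.h>

#ifndef IFNAMSIZ
#define IFNAMSIZ 16
#endif

/* Approach 1 (the posted patch): copy into a local buffer that is one byte
 * longer than the field and always NUL-terminated, then print with %s.
 * Returns the formatted length, like snprintf. */
int fmt_name_copy(const char field[IFNAMSIZ], char *out, size_t outsz)
{
    char name[IFNAMSIZ + 1];
    memcpy(name, field, IFNAMSIZ);
    name[IFNAMSIZ] = '\0';           /* %s can never run past 'name' now */
    return snprintf(out, outsz, "{ifr_name=\"%s\", ", name);
}

/* Approach 2 (Dmitry's suggestion): a precision modifier.  "%.*s" prints
 * at most IFNAMSIZ bytes and stops earlier at the first NUL, so no copy
 * and no extra buffer are needed. */
int fmt_name_precision(const char field[IFNAMSIZ], char *out, size_t outsz)
{
    return snprintf(out, outsz, "{ifr_name=\"%.*s\", ", IFNAMSIZ, field);
}

/* How many bytes of the field precede a NUL?  Returns IFNAMSIZ when the
 * field has no terminator at all, i.e. the case where a plain %s on the
 * raw field would keep reading into whatever follows it in memory. */
size_t name_visible_len(const char field[IFNAMSIZ])
{
    size_t n = 0;
    while (n < IFNAMSIZ && field[n] != '\0')
        n++;
    return n;
}

int main(void)
{
    char out[64];

    /* Constructed sample 1: an ordinary NUL-padded name. */
    char eth0[IFNAMSIZ] = "eth0";
    /* Constructed sample 2: every byte used, no terminator anywhere. */
    char full[IFNAMSIZ];
    memset(full, 'A', IFNAMSIZ);

    fmt_name_copy(eth0, out, sizeof out);
    puts(out);                        /* {ifr_name="eth0",  */
    fmt_name_precision(full, out, sizeof out);
    puts(out);                        /* sixteen A's and nothing past them */
    printf("%zu bytes before a NUL (%d means the field has none)\n",
           name_visible_len(full), IFNAMSIZ);
    return 0;
}
```

Both helpers produce identical output for every input; the precision form is simply shorter and has no buffer whose terminator must be kept in sync with the copy length.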

