Source-Changes-HG archive
[src/trunk]: src/lib/libc/net Actually guarantee that the returned buffer fro...
details: https://anonhg.NetBSD.org/src/rev/a02a06b34b88
branches: trunk
changeset: 819476:a02a06b34b88
user: kre <kre%NetBSD.org@localhost>
date: Wed Dec 07 09:52:34 2016 +0000
description:
Actually guarantee that the returned buffer from link_ntoa() is always
NUL terminated, even when called by malicious/broken applications.
diffstat:
lib/libc/net/linkaddr.c | 19 +++++++++++++++++--
1 files changed, 17 insertions(+), 2 deletions(-)
diffs (40 lines):
diff -r 28564fae1856 -r a02a06b34b88 lib/libc/net/linkaddr.c
--- a/lib/libc/net/linkaddr.c Wed Dec 07 04:58:39 2016 +0000
+++ b/lib/libc/net/linkaddr.c Wed Dec 07 09:52:34 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: linkaddr.c,v 1.20 2016/12/07 03:16:45 christos Exp $ */
+/* $NetBSD: linkaddr.c,v 1.21 2016/12/07 09:52:34 kre Exp $ */
/*-
* Copyright (c) 1990, 1993
@@ -34,7 +34,7 @@
#if 0
static char sccsid[] = "@(#)linkaddr.c 8.1 (Berkeley) 6/4/93";
#else
-__RCSID("$NetBSD: linkaddr.c,v 1.20 2016/12/07 03:16:45 christos Exp $");
+__RCSID("$NetBSD: linkaddr.c,v 1.21 2016/12/07 09:52:34 kre Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@@ -153,6 +153,21 @@
*out++ = (ch); \
} while (/*CONSTCOND*/0)
+ /*
+ * This is not needed on the first call, as the static
+ * obuf wil be fully init'd to 0 by default. But after
+ * obuf has been returned to userspace the first time,
+ * anything may have been written to it, so, let's be safe.
+ *
+ * (An alternative method would be to make ADDC() more
+ * complex:
+ * if (out < obuf + sizeof(obuf) - ((ch) != '\0'))
+ * *out++ = (ch);
+ * so it never returns, and the final ACCD(0) always works
+ * but that evaluates 'ch' twice, and is slower, so ...)
+ */
+ obuf[sizeof(obuf) - 1] = '\0';
+
if (sdl->sdl_nlen) {
if (sdl->sdl_nlen >= sizeof(obuf))
i = sizeof(obuf) - 1;
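Review bot: The added store obuf[sizeof(obuf) - 1] = '\0' guarantees termination only if ADDC() never writes to that last byte, and the new comment does not state that invariant. The bounds check in ADDC() is outside the visible context, so a sentence such as "ADDC() stops before the final byte, so this terminator is never overwritten" would make the dependency explicit for whoever next touches the macro. The comment also has two typos: "wil" should be "will", and "ACCD(0)" should be "ADDC(0)"; the second one matters because it names a macro that does not appear in this code. "so it never returns" would read more clearly as "so it never returns early".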