[src/trunk]: src/lib/librumpuser Allocate one more byte so that we are always...
details: https://anonhg.NetBSD.org/src/rev/bca0cc07d1e0
branches: trunk
changeset: 971842:bca0cc07d1e0
user: christos <christos%NetBSD.org@localhost>
date: Wed May 06 12:44:36 2020 +0000
description:
Allocate one more byte so that we are always NUL-terminated, and remove
the extra commented out NUL-terminations. As suggested in:
http://mail-index.netbsd.org/source-changes-d/2020/04/01/msg012470.html
diffstat:
lib/librumpuser/rumpuser_sp.c | 31 +++++--------------------------
lib/librumpuser/sp_common.c | 7 ++++---
2 files changed, 9 insertions(+), 29 deletions(-)
diffs (94 lines):
diff -r ed055f269a75 -r bca0cc07d1e0 lib/librumpuser/rumpuser_sp.c
--- a/lib/librumpuser/rumpuser_sp.c Wed May 06 11:58:33 2020 +0000
+++ b/lib/librumpuser/rumpuser_sp.c Wed May 06 12:44:36 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $ */
+/* $NetBSD: rumpuser_sp.c,v 1.77 2020/05/06 12:44:36 christos Exp $ */
/*
* Copyright (c) 2010, 2011 Antti Kantee. All Rights Reserved.
@@ -37,7 +37,7 @@
#include "rumpuser_port.h"
#if !defined(lint)
-__RCSID("$NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $");
+__RCSID("$NetBSD: rumpuser_sp.c,v 1.77 2020/05/06 12:44:36 christos Exp $");
#endif /* !lint */
#include <sys/types.h>
@@ -699,10 +699,8 @@
}
static void
-serv_handleexec(struct spclient *spc, struct rsp_hdr *rhdr, char *comm)
+serv_handleexec(struct spclient *spc, struct rsp_hdr *rhdr, const char *comm)
{
- size_t commlen = rhdr->rsp_len - HDRSZ;
-
pthread_mutex_lock(&spc->spc_mtx);
/* one for the connection and one for us */
while (spc->spc_refcnt > 2)
@@ -715,14 +713,6 @@
* very much). proceed with exec.
*/
-#if 0 /* XXX triggers buffer overflow */
- /* ensure comm is 0-terminated */
- /* TODO: make sure it contains sensible chars? */
- comm[commlen] = '\0';
-#else
- (void)commlen;
-#endif
-
lwproc_switch(spc->spc_mainlwp);
lwproc_execnotify(comm);
lwproc_switch(NULL);
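Review bot: With the `#if 0` block removed, nothing in serv_handleexec says why `comm` can be treated as a C string; the guarantee now lives only in the allocation in sp_common.c, and the same is true of the `(const char *)spc->spc_buf` argument in the HANDSHAKE_GUEST hunk. A one-line comment before `lwproc_execnotify(comm);` would keep the invariant visible, for example `/* comm is NUL-terminated: the frame buffer carries one extra zeroed byte */`. The removed TODO about checking that comm contains sensible characters disappears in both places without a replacement; comm appears to be taken straight from the peer's frame, so either keep the TODO or validate the string before handing it on. The function body begins in the previous hunk and continues past this one.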
@@ -980,22 +970,11 @@
}
if (spc->spc_hdr.rsp_handshake == HANDSHAKE_GUEST) {
- char *comm = (char *)spc->spc_buf;
- size_t commlen = spc->spc_hdr.rsp_len - HDRSZ;
-
-#if 0 /* XXX triggers buffer overflow */
- /* ensure it's 0-terminated */
- /* XXX make sure it contains sensible chars? */
- comm[commlen] = '\0';
-#else
- (void)commlen;
-#endif
-
/* make sure we fork off of proc1 */
_DIAGASSERT(lwproc_curlwp() == NULL);
- if ((error = lwproc_rfork(spc,
- RUMP_RFFD_CLEAR, comm)) != 0) {
+ if ((error = lwproc_rfork(spc, RUMP_RFFD_CLEAR,
+ (const char *)spc->spc_buf)) != 0) {
shutdown(spc->spc_fd, SHUT_RDWR);
}
diff -r ed055f269a75 -r bca0cc07d1e0 lib/librumpuser/sp_common.c
--- a/lib/librumpuser/sp_common.c Wed May 06 11:58:33 2020 +0000
+++ b/lib/librumpuser/sp_common.c Wed May 06 12:44:36 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sp_common.c,v 1.40 2020/03/24 01:13:41 kamil Exp $ */
+/* $NetBSD: sp_common.c,v 1.41 2020/05/06 12:44:36 christos Exp $ */
/*
* Copyright (c) 2010, 2011 Antti Kantee. All Rights Reserved.
@@ -502,11 +502,12 @@
return 1;
}
- spc->spc_buf = malloc(framelen - HDRSZ);
+ /* Add an extra byte so that we are always NUL-terminated */
+ spc->spc_buf = malloc(framelen - HDRSZ + 1);
if (spc->spc_buf == NULL) {
return -1;
}
- memset(spc->spc_buf, 0, framelen - HDRSZ);
+ memset(spc->spc_buf, 0, framelen - HDRSZ + 1);
/* "fallthrough" */
} else {
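Review bot: The size expression `framelen - HDRSZ + 1` is now written twice, and the terminator only holds while the malloc and memset stay in sync; `spc->spc_buf = calloc(1, framelen - HDRSZ + 1);` allocates and zeroes in one call and removes the duplicate. The hunk does not show where framelen is checked against HDRSZ or against an upper bound; if the lines above do not do that, a short frame would make the subtraction wrap before the `+ 1`. The new comment could also say that the receive path must never write more than `framelen - HDRSZ` bytes into spc_buf, since that is what keeps the last byte zero. The enclosing function begins and ends outside the hunk.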