Source-Changes-HG archive


[src/trunk]: src/lib/librumpuser Allocate one more byte so that we are always...



details:   https://anonhg.NetBSD.org/src/rev/bca0cc07d1e0
branches:  trunk
changeset: 971842:bca0cc07d1e0
user:      christos <christos%NetBSD.org@localhost>
date:      Wed May 06 12:44:36 2020 +0000

description:
Allocate one more byte so that we are always NUL-terminated, and remove
the extra commented out NUL-terminations. As suggested in:

    http://mail-index.netbsd.org/source-changes-d/2020/04/01/msg012470.html

diffstat:

 lib/librumpuser/rumpuser_sp.c |  31 +++++--------------------------
 lib/librumpuser/sp_common.c   |   7 ++++---
 2 files changed, 9 insertions(+), 29 deletions(-)

diffs (94 lines):

diff -r ed055f269a75 -r bca0cc07d1e0 lib/librumpuser/rumpuser_sp.c
--- a/lib/librumpuser/rumpuser_sp.c     Wed May 06 11:58:33 2020 +0000
+++ b/lib/librumpuser/rumpuser_sp.c     Wed May 06 12:44:36 2020 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $  */
+/*      $NetBSD: rumpuser_sp.c,v 1.77 2020/05/06 12:44:36 christos Exp $       */
 
 /*
  * Copyright (c) 2010, 2011 Antti Kantee.  All Rights Reserved.
@@ -37,7 +37,7 @@
 #include "rumpuser_port.h"
 
 #if !defined(lint)
-__RCSID("$NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $");
+__RCSID("$NetBSD: rumpuser_sp.c,v 1.77 2020/05/06 12:44:36 christos Exp $");
 #endif /* !lint */
 
 #include <sys/types.h>
@@ -699,10 +699,8 @@
 }
 
 static void
-serv_handleexec(struct spclient *spc, struct rsp_hdr *rhdr, char *comm)
+serv_handleexec(struct spclient *spc, struct rsp_hdr *rhdr, const char *comm)
 {
-       size_t commlen = rhdr->rsp_len - HDRSZ;
-
        pthread_mutex_lock(&spc->spc_mtx);
        /* one for the connection and one for us */
        while (spc->spc_refcnt > 2)
@@ -715,14 +713,6 @@
         * very much).  proceed with exec.
         */
 
-#if 0 /* XXX triggers buffer overflow */
-       /* ensure comm is 0-terminated */
-       /* TODO: make sure it contains sensible chars? */
-       comm[commlen] = '\0';
-#else
-       (void)commlen;
-#endif
-
        lwproc_switch(spc->spc_mainlwp);
        lwproc_execnotify(comm);
        lwproc_switch(NULL);
@@ -980,22 +970,11 @@
                }
 
                if (spc->spc_hdr.rsp_handshake == HANDSHAKE_GUEST) {
-                       char *comm = (char *)spc->spc_buf;
-                       size_t commlen = spc->spc_hdr.rsp_len - HDRSZ;
-
-#if 0 /* XXX triggers buffer overflow */
-                       /* ensure it's 0-terminated */
-                       /* XXX make sure it contains sensible chars? */
-                       comm[commlen] = '\0';
-#else
-                       (void)commlen;
-#endif
-
                        /* make sure we fork off of proc1 */
                        _DIAGASSERT(lwproc_curlwp() == NULL);
 
-                       if ((error = lwproc_rfork(spc,
-                           RUMP_RFFD_CLEAR, comm)) != 0) {
+                       if ((error = lwproc_rfork(spc, RUMP_RFFD_CLEAR,
+                           (const char *)spc->spc_buf)) != 0) {
                                shutdown(spc->spc_fd, SHUT_RDWR);
                        }
 
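Review bot: The cast `(const char *)spc->spc_buf` hands a client-supplied buffer to lwproc_rfork as a C string, and nothing at this call site says why that is safe any more. Termination now depends on the extra zeroed byte allocated in sp_common.c, so a comment here such as `/* spc_buf is NUL-terminated by the allocation in sp_common.c; contents are client-supplied and unvalidated */` would keep the invariant visible. The deleted block also carried the open question of whether the name should be checked for sensible characters. That question still applies to this call and to `lwproc_execnotify(comm)` in serv_handleexec, and removing the marker loses track of it. The enclosing function begins and ends outside this hunk.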
diff -r ed055f269a75 -r bca0cc07d1e0 lib/librumpuser/sp_common.c
--- a/lib/librumpuser/sp_common.c       Wed May 06 11:58:33 2020 +0000
+++ b/lib/librumpuser/sp_common.c       Wed May 06 12:44:36 2020 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: sp_common.c,v 1.40 2020/03/24 01:13:41 kamil Exp $    */
+/*      $NetBSD: sp_common.c,v 1.41 2020/05/06 12:44:36 christos Exp $ */
 
 /*
  * Copyright (c) 2010, 2011 Antti Kantee.  All Rights Reserved.
@@ -502,11 +502,12 @@
                        return 1;
                }
 
-               spc->spc_buf = malloc(framelen - HDRSZ);
+               /* Add an extra byte so that we are always NUL-terminated */
+               spc->spc_buf = malloc(framelen - HDRSZ + 1);
                if (spc->spc_buf == NULL) {
                        return -1;
                }
-               memset(spc->spc_buf, 0, framelen - HDRSZ);
+               memset(spc->spc_buf, 0, framelen - HDRSZ + 1);
 
                /* "fallthrough" */
        } else {
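Review bot: The terminator only holds if the code that fills spc_buf never writes more than framelen - HDRSZ bytes, and that read is outside this hunk. The new comment should state the dependency, e.g. `/* one extra zeroed byte; the payload read fills at most framelen - HDRSZ bytes, so spc_buf is always NUL-terminated */`. The size expression is now written twice and both copies must stay identical for the guarantee to hold; `spc->spc_buf = calloc(1, framelen - HDRSZ + 1);` states it once and drops the memset. Whether framelen is bounded above and is at least HDRSZ before this point cannot be seen here (the `return 1` above may belong to such a check), so it is worth confirming that the `+ 1` cannot wrap. The enclosing block continues past the hunk.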


