15 Sep
2016
15 Sep
'16
3:06 p.m.
For strncat, to obtain n, one must not subtract the length of what is appended,
but the length of what is already written from the buffer size.
Verified with this little test program:
#include <stdio.h>
#include <string.h>
int main() {
char buf[20];
strncpy(buf, "123", 10);
strncat(buf, "456789012345", 10 - strlen(buf));
printf("%s\n", buf);
return 0;
}
It prints "1234567890".
---
gtp/gtp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gtp/gtp.c b/gtp/gtp.c
index 12cb492..55a8ce4 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -650,7 +650,7 @@ static void log_restart(struct gsn_t *gsn)
filename[NAMESIZE - 1] = 0; /* No null term. guarantee by strncpy */
strncpy(filename, gsn->statedir, NAMESIZE - 1);
- strncat(filename, RESTART_FILE, NAMESIZE - 1 - sizeof(RESTART_FILE));
+ strncat(filename, RESTART_FILE, NAMESIZE - 1 - strlen(filename));
i = umask(022);
--
2.1.4
15 Sep
15 Sep
3:06 p.m.
New subject: [PATCH 2/3] add missing path separator for gsn_restart file
Put restart file in dir/gsn_restart instead of ../dirgsn_restart.
---
gtp/gtp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gtp/gtp.c b/gtp/gtp.c
index 55a8ce4..cdff238 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -650,7 +650,7 @@ static void log_restart(struct gsn_t *gsn)
filename[NAMESIZE - 1] = 0; /* No null term. guarantee by strncpy */
strncpy(filename, gsn->statedir, NAMESIZE - 1);
- strncat(filename, RESTART_FILE, NAMESIZE - 1 - strlen(filename));
+ strncat(filename, "/" RESTART_FILE, NAMESIZE - 1 - strlen(filename));
i = umask(022);
--
2.1.4
3:06 p.m.
New subject: [PATCH 3/3] cosmetic: gtp.c: clarify strncpy nul term
Rather nul-terminate string buffer after writing bytes. This is only cosmetic
since 'NAMESIZE - 1' is passed to the strn* functions. This ordering shows the
intention more clearly.
Also put the comment on its own line and explain in more detail.
---
gtp/gtp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gtp/gtp.c b/gtp/gtp.c
index cdff238..c974b7b 100644
--- a/gtp/gtp.c
+++ b/gtp/gtp.c
@@ -648,9 +648,10 @@ static void log_restart(struct gsn_t *gsn)
int counter = 0;
char filename[NAMESIZE];
- filename[NAMESIZE - 1] = 0; /* No null term. guarantee by strncpy */
strncpy(filename, gsn->statedir, NAMESIZE - 1);
strncat(filename, "/" RESTART_FILE, NAMESIZE - 1 - strlen(filename));
+ /* guarantee nul term, strncpy might omit if too long */
+ filename[NAMESIZE - 1] = 0;
i = umask(022);
--
2.1.4
3:12 p.m.
New subject: OpenGGSN - Re: [PATCH 1/3] Fix possible buffer overflow for gsn_restart file path
This is a patch series for OpenGGSN. It was submitted before on August 18th,
but this new version separates the nul termination thing to a separate commit
(and slightly tweaks it).
~Neels
On Thu, Sep 15, 2016 at 03:06:38PM +0200, Neels Hofmeyr wrote:
For strncat, to obtain n, one must not subtract the
length of what is appended,
but the length of what is already written from the buffer size.
[...]
--
- Neels Hofmeyr <nhofmeyr(a)sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Harald Welte
3:37 p.m.
New subject: OpenGGSN - Re: [PATCH 1/3] Fix possible buffer overflow for gsn_restart file path
On 15 Sep 2016, at 15:12, Neels Hofmeyr
<nhofmeyr(a)sysmocom.de> wrote:
This is a patch series for OpenGGSN. It was submitted before on August 18th,
but this new version separates the nul termination thing to a separate commit
(and slightly tweaks it).
I think I had raised it before. The code is not performance critical on start so why not
use talloc_strdup here?
holger
16 Sep
16 Sep
12:58 p.m.
New subject: OpenGGSN - Re: [PATCH 1/3] Fix possible buffer overflow for gsn_restart file path
On Thu, Sep 15, 2016 at 03:37:35PM +0200, Holger Freyther wrote:
I think I had raised it before. The code is not
performance critical on start so why not use talloc_strdup here?
I must have missed that somehow. Makes more sense indeed.
~Neels
--
- Neels Hofmeyr <nhofmeyr(a)sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschäftsführer / Managing Directors: Harald Welte
3194
days inactive
3195
days old
osmocom-net-gprs@lists.osmocom.org
5 comments
2 participants
participants (2)
-
Holger Freyther -
Neels Hofmeyr