You're right Jim... here's the story... I maintain an application
which had a bunch of strcpy() calls in it... some guy came along
and contributed patches that use strncpy() to make the application
secure... I applied them... without giving it much thought, I used
one of his strncpy() constructs in my fix for the HostRange bug
in 2.2.1... well, I just talked this over with a genuinely clever C
guru... stncpy(dst,src,strlen(src)) is wrong... it relies on dst being
zeroed out... he recommends strncpy(dst,src,sizeof(dst)-1)... (unless
you know want exactly N bytes from src in which case one should use
strncpy(dst,src,N) and dst[N+1] = '\0' of course...) but at any rate,
Cfengine is full of strcpy() calls so I'll send along a patch which
uses strcpy() later today or tomorrow.
steve
- - -
> ---- Original Message ----
> From: Jim Wight <[EMAIL PROTECTED]>
> On Thu, 2007-08-23 at 07:08 -0500, [EMAIL PROTECTED] wrote:
> > > > > If only strlen(refhost) bytes are copied from refhost then they
> > don't
> > > > > include the terminating null. It should strlen(refhost) + 1, or
> > strcpy
> > > > > should be used.
> > > > >
> > > > > A rebuilt 2.2.1 with the patch from the '2.2.1 broken HostRange
> > again?'
> > > > > thread on Mon Jun 25 21:51:47 CEST 2007 which worked yesterday
> > stopped
> > > > > working today. It was when I saw strange characters in the debug
> > output
> > > > > that I suspected what I found.
> > > >
> > > > Can you reproduce this behavior? Have you verified that
> > > > using strcpy() works for you??
> > >
> > > Yes.
> > >
> > > > It seems that both refbase and refhost are CF_MAXVARSIZE
> > > > in size and and refhost is guaranteed to be null terminated.
> > >
> > > refhost may be, but the problem is that refbase isn't. sp could be
> > > pointing anywhere after these two statements:
> > >
> > > strncpy(refbase,refhost,strlen(refhost));
> > > sp = refbase + strlen(refbase) - 1;
> >
> > Again, I think refbase and refhost are CF_MAXVARSIZE in size and
> > refhost is guaranteed to be null terminated so strlen(refbase) +
> > strlen(refbase) - 1 should always point to a null.
>
> Why? Where does that null come from? I don't see why the sizes of the
> arrays alone matter. If refhost is of length 6, then strncpy will only
> copy 6 characters. It would need to copy 7 to include the terminating
> null. The only way I can see it working is if there is a null
> conveniently at the end of the copied characters, which would be the
> case if refbase were initialised to nulls. It's obviously not in my
> case. If I print out the first 10 characters of refbase before and after
> the copy (on mill01) I get the following:
>
> 82 46 -17 71 -12 25 -49 -65 49 0
> 109 105 108 108 48 49 -49 -65 49 0
> m i l l 0 1
>
> There just happens to be a null 10 characters up, so strlen(refbase)
> comes out as 9 - see below.
>
> > > Printing strlen(refbase) after the copy gives numbers that are not
> > > always the length of the hostname.
> >
> > If this is the case, then why does HostRange seem to work for
> > everyone else??
>
> Luck? It did work for me for a day.
>
> > Would you please add...
> >
> > Debug("SRDEBUG2 strlen(refhost) is %d and strlen(refbase) is %d\n",
> > strlen(refhost),strlen(refbase));
> >
> > and post the output of...
> >
> > #!/path/to/your/new/cfagent -d --inform --no-splay --no-lock --file
> > control: actionsequence = ( shellcommands )
> > groups: hostmatch = ( HostRange(your-hostrange-basename-here,1-32) )
> > shellcommands: hostmatch:: "/bin/echo hostname does match"
> > shellcommands: !hostmatch:: "/bin/echo hostname does not match"
> >
> > piped to grep SRDEBUG?
>
> SRDEBUG FuzzyHostParse(mill,1-32) succeeded for mill01
> SRDEBUG2 strlen(refhost) is 6 and strlen(refbase) is 9
> SRDEBUG FuzzyHostMatch: split refhost=mill01 into refbase=mill01ÿ and
> cmp=1
> SRDEBUG Failed on name (mill01ûà != mill)
> SRDEBUG FuzzyHostMatch(mill,1-32,mill01) failed
>
> Jim
>
>
_______________________________________________
Bug-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/bug-cfengine
