On 02/03/2010 08:45 AM, Colin McCabe wrote:
When we create a static buffer for an inode name, and treat it like a
null-terminated string, it needs to be of length CLD_INODE_NAME_MAX + 1 so
that it can hold the NULL-terminator.
In cldc_del and cldc_open, we should check that the user-submitted inode name
is less than or equal to CLD_INODE_NAME_MAX. Formerly we were just checking
that it wasn't too big to fit in the packet.
When copying the inode name out of struct cld_dirent_cur, use snprintf rather
than strcpy to ensure that we never overflow the buffer. This isn't strictly
necessary if all other checks are working perfectly, but it seems prudent.
Signed-off-by: Colin McCabe<[email protected]>
applied, after s/snprintf/strncpy/
In general, too, you should never pass a variable string into snprintf,
as that may make a program vulnerable to printf format string attacks
(user supplies "%s" as a username, for example).
A few other changes made to your XDR work:
* "\n" removed from log messages, as that is appended as needed by log
implementation
* user_key() restored. that is our authentication hook, and it must be
called, even though it merely returns the username passed to it at present.
* msg type renamed back to msg op
Jeff
--
To unsubscribe from this list: send the line "unsubscribe hail-devel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
