Re: [lxc-devel] [PATCH 2/4] coverity: ensure string is null terminated, return in error case

Fri, 03 May 2013 09:52:52 -0700 

On Fri, 3 May 2013 11:25:36 -0500
Serge Hallyn <serge.hal...@ubuntu.com> wrote:

> Quoting Dwight Engen (dwight.en...@oracle.com):
> > >From ac0d2e143fa450fc19dd3f9330a8fed8bd4a178b Mon Sep 17 00:00:00
> > >2001
> > From: Dwight Engen <dwight.en...@oracle.com>
> > Date: Fri, 3 May 2013 11:29:39 -0400
> > Subject: [PATCH 2/4] coverity: ensure string is null terminated,
> > return in error case
> > 
> > Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
> 
> I do think it was ok since it reads the full length of the file -
> though admittedly that could change out from under us, couldn'tn it.
> Anyway, worth it :)

Right, but the file likely does not have any \0 in it, and then
contents gets passed to strstr() via find_first_wholeword() so thats
why I thought it should be null terminated.
 
> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>
> 
> thanks
> 
> > ---
> >  src/lxc/lxccontainer.c | 4 +++-
> >  1 file changed, 3 insertions(+), 1 deletion(-)
> > 
> > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> > index 452323c..73c347d 100644
> > --- a/src/lxc/lxccontainer.c
> > +++ b/src/lxc/lxccontainer.c
> > @@ -1160,10 +1160,11 @@ static int update_name_and_paths(const char
> > *path, struct lxc_container *oldc, SYSERROR("rewinding old config");
> >             return -1;
> >     }
> > -   contents = malloc(flen);
> > +   contents = malloc(flen+1);
> >     if (!contents) {
> >             SYSERROR("out of memory");
> >             fclose(f);
> > +           return -1;
> >     }
> >     if (fread(contents, 1, flen, f) != flen) {
> >             free(contents);
> > @@ -1171,6 +1172,7 @@ static int update_name_and_paths(const char
> > *path, struct lxc_container *oldc, SYSERROR("reading old config");
> >             return -1;
> >     }
> > +   contents[flen] = '\0';
> >     if (fclose(f) < 0) {
> >             free(contents);
> >             SYSERROR("closing old config");
> > -- 
> > 1.8.1.4
> > 
> > 
> > ------------------------------------------------------------------------------
> > Get 100% visibility into Java/.NET code with AppDynamics Lite
> > It's a free troubleshooting tool designed for production
> > Get down to code-level detail for bottlenecks, with <2% overhead.
> > Download for free and get started troubleshooting in minutes.
> > http://p.sf.net/sfu/appdyn_d2d_ap2
> > _______________________________________________
> > Lxc-devel mailing list
> > Lxc-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/lxc-devel


------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to