Module Name:    src
Committed By:   christos
Date:           Wed May  6 12:44:37 UTC 2020

Modified Files:
        src/lib/librumpuser: rumpuser_sp.c sp_common.c

Log Message:
Allocate one more byte so that we are always NUL-terminated, and remove
the extra commented out NUL-terminations. As suggested in:

    http://mail-index.netbsd.org/source-changes-d/2020/04/01/msg012470.html


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 src/lib/librumpuser/rumpuser_sp.c
cvs rdiff -u -r1.40 -r1.41 src/lib/librumpuser/sp_common.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/librumpuser/rumpuser_sp.c
diff -u src/lib/librumpuser/rumpuser_sp.c:1.76 src/lib/librumpuser/rumpuser_sp.c:1.77
--- src/lib/librumpuser/rumpuser_sp.c:1.76	Wed May  6 03:25:26 2020
+++ src/lib/librumpuser/rumpuser_sp.c	Wed May  6 08:44:36 2020
@@ -1,4 +1,4 @@
-/*      $NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $	*/
+/*      $NetBSD: rumpuser_sp.c,v 1.77 2020/05/06 12:44:36 christos Exp $	*/
 
 /*
  * Copyright (c) 2010, 2011 Antti Kantee.  All Rights Reserved.
@@ -37,7 +37,7 @@
 #include "rumpuser_port.h"
 
 #if !defined(lint)
-__RCSID("$NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $");
+__RCSID("$NetBSD: rumpuser_sp.c,v 1.77 2020/05/06 12:44:36 christos Exp $");
 #endif /* !lint */
 
 #include <sys/types.h>
@@ -699,10 +699,8 @@ serv_handlesyscall(struct spclient *spc,
 }
 
 static void
-serv_handleexec(struct spclient *spc, struct rsp_hdr *rhdr, char *comm)
+serv_handleexec(struct spclient *spc, struct rsp_hdr *rhdr, const char *comm)
 {
-	size_t commlen = rhdr->rsp_len - HDRSZ;
-
 	pthread_mutex_lock(&spc->spc_mtx);
 	/* one for the connection and one for us */
 	while (spc->spc_refcnt > 2)
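Review bot: serv_handleexec() now trusts that `comm` is NUL-terminated, but nothing at the signature says where that guarantee comes from; it presumably rests on the extra zeroed byte that readframe() allocates in sp_common.c. A comment above the function would tie the two files together, for example `/* comm must be NUL-terminated; readframe() allocates spc_buf with one spare zeroed byte */`. The next hunk, and the one in handlereq, also delete the `make sure it contains sensible chars?` TODO along with the dead code. As far as these hunks show, the string handed to lwproc_execnotify() is still not validated, so that reminder is worth keeping as a plain comment. The body of serv_handleexec continues outside this hunk.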
@@ -715,14 +713,6 @@ serv_handleexec(struct spclient *spc, st
 	 * very much).  proceed with exec.
 	 */
 
-#if 0 /* XXX triggers buffer overflow */
-	/* ensure comm is 0-terminated */
-	/* TODO: make sure it contains sensible chars? */
-	comm[commlen] = '\0';
-#else
-	(void)commlen;
-#endif
-
 	lwproc_switch(spc->spc_mainlwp);
 	lwproc_execnotify(comm);
 	lwproc_switch(NULL);
@@ -980,22 +970,11 @@ handlereq(struct spclient *spc)
 		}
 
 		if (spc->spc_hdr.rsp_handshake == HANDSHAKE_GUEST) {
-			char *comm = (char *)spc->spc_buf;
-			size_t commlen = spc->spc_hdr.rsp_len - HDRSZ;
-
-#if 0 /* XXX triggers buffer overflow */
-			/* ensure it's 0-terminated */
-			/* XXX make sure it contains sensible chars? */
-			comm[commlen] = '\0';
-#else
-			(void)commlen;
-#endif
-
 			/* make sure we fork off of proc1 */
 			_DIAGASSERT(lwproc_curlwp() == NULL);
 
-			if ((error = lwproc_rfork(spc,
-			    RUMP_RFFD_CLEAR, comm)) != 0) {
+			if ((error = lwproc_rfork(spc, RUMP_RFFD_CLEAR,
+			    (const char *)spc->spc_buf)) != 0) {
 				shutdown(spc->spc_fd, SHUT_RDWR);
 			}
 
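Review bot: `(const char *)spc->spc_buf` is now passed to lwproc_rfork() with no local check, so this path depends entirely on readframe() having allocated the buffer. The sp_common.c hunk of this commit shows a `return 1` just above the allocation; if that is the header-only frame case, a guest handshake without a payload would presumably reach this call with spc_buf unset. It is worth confirming that lwproc_rfork() tolerates a NULL comm, or adding a guard such as `if (spc->spc_buf == NULL)` before the call. handlereq starts and ends outside this hunk.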

Index: src/lib/librumpuser/sp_common.c
diff -u src/lib/librumpuser/sp_common.c:1.40 src/lib/librumpuser/sp_common.c:1.41
--- src/lib/librumpuser/sp_common.c:1.40	Mon Mar 23 21:13:41 2020
+++ src/lib/librumpuser/sp_common.c	Wed May  6 08:44:36 2020
@@ -1,4 +1,4 @@
-/*      $NetBSD: sp_common.c,v 1.40 2020/03/24 01:13:41 kamil Exp $	*/
+/*      $NetBSD: sp_common.c,v 1.41 2020/05/06 12:44:36 christos Exp $	*/
 
 /*
  * Copyright (c) 2010, 2011 Antti Kantee.  All Rights Reserved.
@@ -502,11 +502,12 @@ readframe(struct spclient *spc)
 			return 1;
 		}
 
-		spc->spc_buf = malloc(framelen - HDRSZ);
+		/* Add an extra byte so that we are always NUL-terminated */
+		spc->spc_buf = malloc(framelen - HDRSZ + 1);
 		if (spc->spc_buf == NULL) {
 			return -1;
 		}
-		memset(spc->spc_buf, 0, framelen - HDRSZ);
+		memset(spc->spc_buf, 0, framelen - HDRSZ + 1);
 
 		/* "fallthrough" */
 	} else {
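Review bot: The size `framelen - HDRSZ + 1` is now written twice, in malloc() and in memset(), and the terminator only survives if the two stay in sync and the read path below never stores more than `framelen - HDRSZ` bytes. `spc->spc_buf = calloc(1, framelen - HDRSZ + 1);` would replace both calls with a single expression. The hunk does not show an upper bound on `framelen` before the allocation; if the value comes straight from the received header, a cap is worth confirming in the part of readframe() outside this hunk.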
