On Sat, Oct 18, 2014 at 10:36:00PM -0400, Mike Frysinger wrote:
> The ifr name fields of the ifreq structure might not be NUL terminated.
> If the user makes an ioctl call where they aren't, then strace ends up
> reading random content from its own stack.
> 
> Instead, let's create a local buffer of the exact right size (and NUL
> terminated), copy the user buffer into it, and then printf from that.
[...]
> +     /* The user might not NUL delim the field, so do it ourselves. */
> +     char name[IFNAMSIZ + 1];
> +     name[IFNAMSIZ] = '\0';
[...]
> +                             memcpy(name, ifr.ifr_name, IFNAMSIZ);
> +                             tprintf(", {ifr_name=\"%s\", ", name);
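
Review bot: the local buffer and memcpy in these two fragments are avoidable; printf's precision modifier reads at most IFNAMSIZ bytes and still stops at an earlier NUL, so `tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);` prints exactly what the copy-and-terminate version prints while keeping the fix to a single line and no extra stack buffer.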

Do we really need a local buffer?
We already use precision modifiers in similar cases, so this parser
also could be fixed by using a precision modifier, e.g.

        tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);

P.S. I'm sorry for being slow with reviews, I'm on vacation,
will try to catch up during GSoC reunion.


-- 
ldv
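As an added illustration (not code from the thread or from strace itself), both fixes side by side in C, written against snprintf so their output can be compared; IFNAMSIZ is defined locally with its Linux value of 16, and the sample name fields, including one with no terminator, are constructed:

```c
#include <stdio.h>
#include <string.h>

/* IFNAMSIZ is 16 on Linux (<net/if.h>); defined here so the example
 * builds without kernel headers. */
#define IFNAMSIZ 16

/* Patch approach: copy into a buffer one byte longer than the field and
 * force-terminate it before handing it to printf. */
static int format_by_copy(char *out, size_t outsz,
                          const char ifr_name[IFNAMSIZ])
{
    char name[IFNAMSIZ + 1];
    memcpy(name, ifr_name, IFNAMSIZ);
    name[IFNAMSIZ] = '\0';
    return snprintf(out, outsz, ", {ifr_name=\"%s\", ", name);
}

/* Reply's approach: the precision modifier caps the read at IFNAMSIZ
 * bytes and still stops at an earlier NUL, so no copy is needed. */
static int format_by_precision(char *out, size_t outsz,
                               const char ifr_name[IFNAMSIZ])
{
    return snprintf(out, outsz, ", {ifr_name=\"%.*s\", ",
                    IFNAMSIZ, ifr_name);
}

/* Returns 1 when both approaches yield identical output for a field. */
static int approaches_agree(const char ifr_name[IFNAMSIZ])
{
    char a[64], b[64];
    format_by_copy(a, sizeof a, ifr_name);
    format_by_precision(b, sizeof b, ifr_name);
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed samples: a normally terminated name, and one that fills
     * all IFNAMSIZ bytes with no terminator (the case the patch fixes). */
    const char terminated[IFNAMSIZ] = "eth0";
    char unterminated[IFNAMSIZ], out[64];
    memset(unterminated, 'x', IFNAMSIZ);

    format_by_precision(out, sizeof out, unterminated);
    puts(out);  /* 16 x's, bounded by the precision, no overread */
    return !(approaches_agree(terminated) && approaches_agree(unterminated));
}
```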


_______________________________________________
Strace-devel mailing list
https://lists.sourceforge.net/lists/listinfo/strace-devel
