On 21 Oct 2014 10:29, Dmitry V. Levin wrote:
> On Sat, Oct 18, 2014 at 10:36:00PM -0400, Mike Frysinger wrote:
> > The ifr name fields of the ifreq structure might not be NUL terminated.
> > If the user makes an ioctl call where they aren't, then strace ends up
> > reading random content from its own stack.
> > 
> > Instead, let's create a local buffer of the exact right size (and NUL
> > terminated), copy the user buffer into it, and then printf from that.
> [...]
> > +   /* The user might not NUL delim the field, so do it ourselves. */
> > +   char name[IFNAMSIZ + 1];
> > +   name[IFNAMSIZ] = '\0';
> [...]
> > +                           memcpy(name, ifr.ifr_name, IFNAMSIZ);
> > +                           tprintf(", {ifr_name=\"%s\", ", name);
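Review bot: the local buffer and memcpy in this hunk are more than the fix needs; since `ifr_name` is at most IFNAMSIZ bytes, a printf precision bounds the read to the field without a copy and still stops at an earlier NUL, e.g. `tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);`. If the buffer is kept, note that `name[IFNAMSIZ] = '\0'` is written once at declaration and is never overwritten by the IFNAMSIZ-byte memcpy, so it is correct but redundant next to the precision form.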
> 
> Do we really need a local buffer?
> We already use precision modifiers in similar cases, so this parser
> also could be fixed by using a precision modifier, e.g.
> 
>       tprintf(", {ifr_name=\"%.*s\", ", IFNAMSIZ, ifr.ifr_name);

I had tried that originally, but I forgot to use the "." :x
-mike


_______________________________________________
Strace-devel mailing list
https://lists.sourceforge.net/lists/listinfo/strace-devel