Am 16.03.2015 um 13:03 schrieb Geert Uytterhoeven:
> On Mon, Mar 16, 2015 at 12:41 PM, Richard Weinberger <rich...@nod.at> wrote:
>> --- a/fs/hostfs/hostfs_kern.c
>> +++ b/fs/hostfs/hostfs_kern.c
>> @@ -105,11 +105,10 @@ static char *__dentry_name(struct dentry *dentry, char
>> *name)
>
> This code looks fishy to me...
>
> First we have:
>
> len = strlen(root);
> strlcpy(name, root, PATH_MAX);
>
> (I notice the code used strncpy() before. One difference with strlcpy()
> is that strncpy() fills the remaining of the destination buffer with zeroes.)
>
> Then:
>
>> __putname(name);
>> return NULL;
>> }
>> - if (p > name + len) {
>> - char *s = name + len;
>
> Unless strlcpy() truncated the string (which is unlikely, as root
> cannot be longer
> than PATH_MAX?), s = name + len now points to the zero terminator.
> So the below would copy just one single byte:
>
>> - while ((*s++ = *p++) != '\0')
>> - ;
>> - }
>> +
>> + if (p > name + len)
>> + strcpy(name + len, p);
>> +
>
> What is this code really supposed to do?
Hostfs' __dentry_name() builds the real path. i.e, the prefix on the host side
plus the requested path in UML.
"strlcpy(name, root, PATH_MAX);" copies the host prefix into name and then
the "strcpy(name + len, p);" copies the requested path into it.
The trick is that both share the same buffer, allocated by dentry_path_raw().
Therefore this bounds check works:
if (len > p - name) {
__putname(name);
return NULL;
}
Is it now clearer or did I miss something?
I agree that this code is tricky. :)
Thanks,
//richard
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
