On Thu, Sep 25, 2008 at 08:09:44AM -0600, Brad Nicholes wrote: > <[EMAIL PROTECTED]> wrote: > > { > > name_len = strlen(firstName); > > buff = malloc(name_len+1); > > - strcpy(buff, firstName); > > + strncpy(buff, firstName, name_len + 1); > > firstName = buff; > > secondName = strchr(buff+1,':'); > > if(secondName) > > @@ -705,7 +705,7 @@ > > > > spoof_info_len = strlen(metric_id->host); > > buff = malloc(spoof_info_len+1); > > - strcpy(buff,metric_id->host); > > + strncpy(buff, metric_id->host, spoof_info_len + 1); > > spoofIP = buff; > > if( !(spoofName = strchr(buff+1,':')) ){ > > err_msg("Incorrect format for spoof argument. exiting.\n"); > > Shouldn't the length passed into the strncpy() functions be the actual > length rather than the length + 1?
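Review bot: In the first hunk, the bound in `strncpy(buff, firstName, name_len + 1)` comes from `strlen(firstName)`, the same value that sizes `malloc(name_len+1)`, so the limit follows the source string and the copy is no more bounded than the strcpy it replaces. Since the length is already in hand, `memcpy(buff, firstName, name_len + 1)` states the intent directly. A comment saying that the bound is the source length, not an independent destination size, would keep later readers from treating this call as a hardening measure.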
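Review bot: In the second hunk (@@ -705,7 +705,7 @@), the pointer from `buff = malloc(spoof_info_len+1);` is written through by the strncpy on the next line with no NULL check in the visible lines. Test `buff` before the copy and bail out through `err_msg` the way the format check just below does, so an allocation failure is reported instead of dereferenced. The same applies to the `malloc(name_len+1)` in the first hunk.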
no, if you use the actual length then you will stop copying before the NULL terminator and leave the string unterminated if that last character happens not to be NULL

> The reason for allocating the buffer as length + 1 is to accommodate
> the NULL terminator. If the strncpy() function allows a string of the
> same size as the allocated buffer, it will still overrun with the NULL
> terminator or be left without a NULL terminator.

it will be left without a NULL terminator if there is no NULL character found while copying, but in this case that will never happen because the length was calculated based on a previous strlen and so:

* it is known that there is a NULL character at the end of the source string
* it is known it is located 1 byte after the length

you could argue there is still a race condition open because the null terminator could be removed between the strlen call and the strncpy call to force an overflow, but as I put in the commit log, this is an "equivalent" call and the same can be done with the current code, which will just happily overflow without any bounds.

for this last case, strncpy's automatic padding if the source is smaller than the buffer allocated will also give some extra protection.

Carlo
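The strncpy() behaviour discussed in this thread (a count equal to the string length, length + 1, and a larger count that triggers padding), as an added example that is not part of the original message or of the Ganglia source. The names `strncpy_probe` and `struct probe` and the sample string are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct probe { long first_nul; size_t zero_bytes; };

/* Hypothetical helper: run strncpy(dst, src, n) into a cap-byte buffer
 * pre-filled with 0xAA and report where the first NUL landed
 * (-1: none, the string was left unterminated) and how many zero bytes
 * were written in total (terminator plus padding). */
static struct probe strncpy_probe(const char *src, size_t n, size_t cap)
{
    struct probe r = { -2, 0 };           /* -2: refused or allocation failed */
    unsigned char *dst, *nul;
    size_t i;

    if (cap == 0 || n > cap)              /* strncpy always writes n bytes */
        return r;
    dst = malloc(cap);
    if (dst == NULL)
        return r;
    memset(dst, 0xAA, cap);
    strncpy((char *)dst, src, n);
    nul = memchr(dst, 0, cap);
    r.first_nul = nul ? (long)(nul - dst) : -1;
    for (i = 0; i < cap; i++)
        r.zero_bytes += (dst[i] == 0);
    free(dst);
    return r;
}

int main(void)
{
    const char *spoof = "1.2.3.4:web01";  /* constructed sample value */
    size_t len = strlen(spoof);
    size_t counts[3];
    int i;

    counts[0] = len;                      /* count == strlen: no terminator */
    counts[1] = len + 1;                  /* count == strlen + 1: terminated */
    counts[2] = len + 8;                  /* larger count: zero padding */
    for (i = 0; i < 3; i++) {
        struct probe r = strncpy_probe(spoof, counts[i], len + 8);
        printf("n=%zu first_nul=%ld zero_bytes=%zu\n",
               counts[i], r.first_nul, r.zero_bytes);
    }
    return 0;
}
```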