On Sat, 08 Apr 2023 08:48:31 -0600, "Theo de Raadt" wrote:
> Mark Kettenis <[email protected]> wrote:
>
> > > +{
> > > + int len;
> > > +
> > > + len = OF_getprop(handle, prop, buf, buflen);
> > > + if (buflen > 0)
> > > + buf[min(len, buflen - 1)] = '\0';
> > > +
> > > + return (len);
> >
>
> I've mailed dlg seperately, but will raise it here also.
>
> If buflen is 0, then why call OF_getprop at all? I doubt this situation
> occurs, but you want to protect against it, ok....
>
> Maybe in the end if looks like this:
>
> int len = 0;
> if (buflen > 0) {
> len = OF_getprop(handle, prop, buf, buflen - 1);
> buf[min(len, buflen - 1)] = '\0';
> }
> return (len);
>
> OF_getprop() is now being called with buflen -1, which can avoid one
> extra character of processing effort for a long input string.
I think that will be wrong for the "name" property. From
sys/dev/ofw/fdt.c:OF_getprop
if (len < 0 && strcmp(prop, "name") == 0) {
data = fdt_node_name(node);
if (data) {
len = strlcpy(buf, data, buflen);
...
So passing in buflen is probably correct.
- todd
