bug-hurd
[bug #28446] No checks are made for unterminated strings in RPC messages


From: Kalle Olavi Niemitalo
Subject: [bug #28446] No checks are made for unterminated strings in RPC messages
Date: Tue, 12 Jul 2016 09:05:47 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.8.0

Follow-up Comment #1, bug #28446 (project hurd):

The client-side dir_lookup function generated by MIG calls
__mig_strncpy(InP->file_name, file_name, 1024) to copy the file name to the
request message.  If the file name is too long, this silently truncates it and
does not append a null character.  So you can also test the server behavior by
trying to open such a file via libc:


rpctrace -E LC_ALL=C -s 2000 cat $(perl -e "print 'a' x 1020")12345


This shows the string in the message ends with "aaa1234".

I think MIG-generated code should return an error instead of truncating the
string.  This is less important than fixing the code that examines received
messages, though.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?28446>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
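
Added example, not part of the original message and not code from MIG or the Hurd: a C sketch of the truncation described above, with a sender-side copy that returns an error instead of truncating and a receiver-side check that the fixed-size field contains a terminator. The names FIELD_SIZE, copy_truncating, copy_checked, field_is_terminated and make_long_name are hypothetical, and strncpy is used here only as a stand-in for the truncating behaviour the message describes.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 1024  /* assumed field size, taken from the 1024 in the message */

/* Stand-in for the truncating copy: fills at most n bytes and leaves dst
   without a null terminator when src has n or more characters. */
static void copy_truncating(char *dst, const char *src, size_t n)
{
    strncpy(dst, src, n);
}

/* Sender side: refuse a string that does not fit together with its terminator. */
static int copy_checked(char *dst, const char *src, size_t n)
{
    size_t len = 0;
    while (len < n && src[len] != '\0')
        len++;
    if (len == n)
        return -1;              /* too long: report an error, do not truncate */
    memcpy(dst, src, len + 1);  /* copy includes the terminator */
    return 0;
}

/* Receiver side: a fixed-size field holds a valid C string only if a null
   byte occurs within its n bytes; check before any strlen/strcpy on it. */
static int field_is_terminated(const char *field, size_t n)
{
    return memchr(field, '\0', n) != NULL;
}

/* Constructed input: 1020 'a' characters followed by "12345" (1025 in total). */
static void make_long_name(char *out)
{
    memset(out, 'a', 1020);
    memcpy(out + 1020, "12345", 6);
}

int main(void)
{
    char name[1026], field[FIELD_SIZE];
    make_long_name(name);
    copy_truncating(field, name, sizeof field);
    printf("truncating copy: terminated=%d, last bytes=%.7s\n",
           field_is_terminated(field, sizeof field), field + FIELD_SIZE - 7);
    printf("checked copy returns %d\n", copy_checked(field, name, sizeof field));
    return 0;
}
```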
