
List:       hurd-bug
Subject:    [bug #28446] No checks are made for unterminated strings in RPC messages
From:       Kalle Olavi Niemitalo <INVALID.NOREPLY () gnu ! org>
Date:       2016-07-12 9:05:47
Message-ID: 20160712-090545.sv38928.42247 () savannah ! gnu ! org

Follow-up Comment #1, bug #28446 (project hurd):

The client-side dir_lookup function generated by MIG calls
__mig_strncpy(InP->file_name, file_name, 1024) to copy the file name to the
request message.  If the file name is too long, this silently truncates it and
does not append a null character.  So you can also test the server behavior by
trying to open such a file via libc:


rpctrace -E LC_ALL=C -s 2000 cat $(perl -e "print 'a' x 1020")12345


This shows the string in the message ends with "aaa1234".

I think MIG-generated code should return an error instead of truncating the
string.  This is less important than fixing the code that examines received
messages, though.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?28446>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
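
The two checks discussed in the comment above, as an added C example that is not part of the original message and is not MIG or Hurd code. All function names are hypothetical; truncating_copy only models the behavior the comment describes for the 1024-byte file_name field.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD 1024  /* size of the file_name field, per the comment */

/* Models the described copy: at most NAME_FIELD bytes, no null if full. */
void truncating_copy(char dst[NAME_FIELD], const char *src)
{
    size_t i = 0;
    for (; i < NAME_FIELD && src[i] != '\0'; i++)
        dst[i] = src[i];
    if (i < NAME_FIELD)
        dst[i] = '\0';
}

/* Sender side: return an error instead of truncating when the name
   does not fit together with its terminating null. */
int checked_copy(char dst[NAME_FIELD], const char *src)
{
    const char *end = memchr(src, '\0', NAME_FIELD);
    if (end == NULL)
        return ENAMETOOLONG;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Receiver side: a fixed-size string field from a message may be
   treated as a C string only if a null byte lies inside the field. */
int field_is_terminated(const char field[NAME_FIELD])
{
    return memchr(field, '\0', NAME_FIELD) != NULL;
}

/* Constructed input: the 1025-character name from the rpctrace command. */
void make_long_name(char out[NAME_FIELD + 2])
{
    memset(out, 'a', 1020);
    memcpy(out + 1020, "12345", 6);
}

int main(void)
{
    char name[NAME_FIELD + 2], field[NAME_FIELD];
    make_long_name(name);
    truncating_copy(field, name);
    printf("terminated after truncating copy: %d\n", field_is_terminated(field));
    printf("checked copy result: %d\n", checked_copy(field, name));
    return 0;
}
```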

