Page MenuHomeFreeBSD
Differential D16595

Always terminate string with nul.
ClosedPublic
Actions

Authored by delphij on Aug 5 2018, 6:04 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 30, 5:34 PM
Unknown Object (File)
Mar 11 2024, 3:34 PM
Unknown Object (File)
Mar 5 2024, 12:42 AM
Unknown Object (File)
Dec 30 2023, 11:13 PM
Unknown Object (File)
Dec 20 2023, 9:18 PM
Unknown Object (File)
Dec 20 2023, 1:50 AM
Unknown Object (File)
Dec 9 2023, 6:26 PM
Unknown Object (File)
Nov 25 2023, 6:24 AM
View All 34 Files
Subscribers
imp

Details

Reviewers
wollman
emaste
imp
Commits
rS338441: MFC r337522:
rS338440: MFC r337522:
rS337522: In read_zones(), check if the file name actually fit in the buffer
Summary

In read_zones(), check if the file name actually fit in the buffer
and make sure it would fit with strlcpy().

Test Plan

run tzsetup

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

delphij created this revision.Aug 5 2018, 6:04 AM
Herald added a subscriber: imp. · View Herald TranscriptAug 5 2018, 6:04 AM
Harbormaster completed remote builds in B18591: Diff 46306.Aug 5 2018, 6:04 AM
imp added a comment.Aug 5 2018, 9:36 AM

Seems fine. Normally, these files aren't in the control of users...

usr.sbin/tzsetup/tzsetup.c
481 ↗(On Diff #46306)

16 is very short...

515 ↗(On Diff #46306)

stylistically, sizeof(contbuf) is better here. practically, it woudln't matter.

imp accepted this revision.Aug 5 2018, 9:37 AM
This revision is now accepted and ready to land.Aug 5 2018, 9:37 AM
imp added a comment.Aug 5 2018, 9:37 AM

And is there still an upstream for these files?

delphij updated this revision to Diff 46314.Aug 5 2018, 5:09 PM
delphij marked an inline comment as done.

Clarify the code.

This revision now requires review to proceed.Aug 5 2018, 5:09 PM
Harbormaster completed remote builds in B18595: Diff 46314.Aug 5 2018, 5:09 PM
delphij added inline comments.Aug 5 2018, 5:10 PM
usr.sbin/tzsetup/tzsetup.c
515 ↗(On Diff #46306)

I think the intention was to copy until '/' (e.g. for Europe/Andorra, the goal is to copy "Europe").

Now I realized that 'filelen' is a poor name so I have revised the code to make it more clear.

delphij marked an inline comment as done.Aug 5 2018, 5:15 PM
In D16595#352569, @imp wrote:

Normally, these files aren't in the control of users...

Yes this is not intended as a security fix.

In D16595#352574, @imp wrote:

And is there still an upstream for these files?

I think this is FreeBSD specific code and there was no upstream so we are probably the ultimate upstream.

This revision was not accepted when it landed; it landed in state Needs Review.Aug 9 2018, 2:47 AM
Closed by commit rS337522: In read_zones(), check if the file name actually fit in the buffer (authored by delphij). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
usr.sbin/
tzsetup/
10 lines

Diff 46442

View Options

head/usr.sbin/tzsetup/tzsetup.c

Loading...