Page MenuHomeFreeBSD
Differential D16595

Always terminate string with nul.
ClosedPublic
Actions

Authored by delphij on Aug 5 2018, 6:04 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Feb 9, 8:16 AM
Unknown Object (File)
Sat, Feb 8, 3:00 AM
Unknown Object (File)
Wed, Jan 29, 9:32 PM
Unknown Object (File)
Jan 23 2025, 1:01 AM
Unknown Object (File)
Jan 21 2025, 5:23 AM
Unknown Object (File)
Jan 19 2025, 7:43 PM
Unknown Object (File)
Jan 11 2025, 2:04 AM
Unknown Object (File)
Jan 10 2025, 2:31 PM
View All 63 Files
Subscribers
imp

Details

Reviewers
wollman
emaste
imp
Commits
rS338441: MFC r337522:
rS338440: MFC r337522:
rS337522: In read_zones(), check if the file name actually fit in the buffer
Summary

In read_zones(), check if the file name actually fit in the buffer
and make sure it would fit with strlcpy().

Test Plan

run tzsetup

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 18591
Build 18282: arc lint + arc unit

Event Timeline

delphij created this revision.Aug 5 2018, 6:04 AM
Herald added a subscriber: imp. · View Herald TranscriptAug 5 2018, 6:04 AM
Harbormaster completed remote builds in B18591: Diff 46306.Aug 5 2018, 6:04 AM
imp added a comment.Aug 5 2018, 9:36 AM

Seems fine. Normally, these files aren't in the control of users...

usr.sbin/tzsetup/tzsetup.c
481

16 is very short...

515

stylistically, sizeof(contbuf) is better here. practically, it woudln't matter.

imp accepted this revision.Aug 5 2018, 9:37 AM
This revision is now accepted and ready to land.Aug 5 2018, 9:37 AM
imp added a comment.Aug 5 2018, 9:37 AM

And is there still an upstream for these files?

delphij updated this revision to Diff 46314.Aug 5 2018, 5:09 PM
delphij marked an inline comment as done.

Clarify the code.

This revision now requires review to proceed.Aug 5 2018, 5:09 PM
Harbormaster completed remote builds in B18595: Diff 46314.Aug 5 2018, 5:09 PM
delphij added inline comments.Aug 5 2018, 5:10 PM
usr.sbin/tzsetup/tzsetup.c
515

I think the intention was to copy until '/' (e.g. for Europe/Andorra, the goal is to copy "Europe").

Now I realized that 'filelen' is a poor name so I have revised the code to make it more clear.

delphij marked an inline comment as done.Aug 5 2018, 5:15 PM
In D16595#352569, @imp wrote:

Normally, these files aren't in the control of users...

Yes this is not intended as a security fix.

In D16595#352574, @imp wrote:

And is there still an upstream for these files?

I think this is FreeBSD specific code and there was no upstream so we are probably the ultimate upstream.

This revision was not accepted when it landed; it landed in state Needs Review.Aug 9 2018, 2:47 AM
Closed by commit rS337522: In read_zones(), check if the file name actually fit in the buffer (authored by delphij). · Explain Why
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
usr.sbin/
tzsetup/
9 lines

Diff 46306

View Options

usr.sbin/tzsetup/tzsetup.c

Loading...