Page MenuHomeFreeBSD
Differential D35102

stand: use snprintf here
ClosedPublic
Actions

Authored by imp on Apr 30 2022, 2:00 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Apr 17, 5:52 AM
Unknown Object (File)
Thu, Mar 21, 12:23 PM
Unknown Object (File)
Mar 12 2024, 4:45 AM
Unknown Object (File)
Dec 20 2023, 2:39 AM
Unknown Object (File)
Dec 20 2023, 12:07 AM
Unknown Object (File)
Dec 11 2023, 5:34 PM
Unknown Object (File)
Oct 27 2023, 7:39 PM
Unknown Object (File)
Sep 22 2023, 5:45 AM
View All 17 Files
Subscribers
dab

Details

Reviewers
manu
tsoome
kevans
emaste
cperciva
Commits
rGf493cbaba968: stand: use snprintf here
rGa23c26b2fe38: stand: use snprintf here
Summary

This code was written prior to snprintf being in the then libstand (now
libsa). Since we have it, use it for extra safety. The code already
tries to be safe, but since we have snprintf as well, the added layer of
protection will suffice. The current code reserves 16 bytes (plus a NUL)
at the end for worst case of inet_ntoa, which is still a little
pessimal, but safe from overflow.

Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

imp created this revision.Apr 30 2022, 2:00 PM
Herald added a reviewer: manu. · View Herald TranscriptApr 30 2022, 2:00 PM
Herald added a subscriber: dab. · View Herald Transcript
imp requested review of this revision.Apr 30 2022, 2:00 PM
Harbormaster completed remote builds in B45442: Diff 105607.Apr 30 2022, 2:00 PM
imp added reviewers: tsoome, kevans, emaste, cperciva.Apr 30 2022, 2:05 PM

I believe the new code is the same safety as the old if there's no bugs, and safer if there are bugs.
Discuss and/or prove me wrong.

tsoome accepted this revision.Apr 30 2022, 2:13 PM

There is this nagging question however - should we check the return value from snprintf (like in this last instance). We do know those strings should fit (normally), but if there is non normal case of memory corruption...

This revision is now accepted and ready to land.Apr 30 2022, 2:13 PM
imp added a comment.Apr 30 2022, 2:32 PM
In D35102#795578, @tsoome wrote:

There is this nagging question however - should we check the return value from snprintf (like in this last instance). We do know those strings should fit (normally), but if there is non normal case of memory corruption...

You're not wrong. However, we have hundreds of calls to snprintf in stand, and we check the return value of none of them....

Honestly, though, this code is crying out for sbuf. We'd be much better off using sbuf here which takes care of all that nonsense. We're no longer so massively constrained on how much memory we can use that a malloc or two to get to the right buffer size would be a problem like it was in the late 80s and early 90s when much of this code was written.

Closed by commit rGa23c26b2fe38: stand: use snprintf here (authored by imp). · Explain WhyAug 3 2022, 5:25 PM
This revision was automatically updated to reflect the committed changes.
imp added a commit: rGa23c26b2fe38: stand: use snprintf here.
imp added a commit: rGf493cbaba968: stand: use snprintf here.Jan 24 2023, 10:16 PM

Revision Contents
Changeset List

PathSize
stand/
libsa/
29 lines

Diff 108856

View Options

stand/libsa/bootp.c

Loading...