From: Rich Felker
To: musl@lists.openwall.com
Subject: Re: [PATCH] getgr_r: Reserve space for gr_mem's NULL terminator in buffer
Date: Sun, 29 Sep 2013 13:40:35 -0400
Message-ID: <20130929174035.GK20515@brightrain.aerifal.cx>
In-Reply-To: <1380434926-28060-1-git-send-email-mforney@mforney.org>
Archived-At: gmane.linux.lib.musl.general:4092

By the way, how did you come across the bugs you're reporting? Are you testing software against musl, or directly reviewing the source? I'm just curious since you've already found a couple of important issues that our existing methodologies have so far missed, and I'm hoping we can stamp out a lot more bugs like this between now and the 1.0 release.
Rich

On Sat, Sep 28, 2013 at 11:08:46PM -0700, Michael Forney wrote:
> Currently, the NULL terminator overlaps with the beginning of the line, causing
> gr_name to always be the empty string.
> ---
> As an aside, I don't understand why 32 is added to the size check. It looks
> like the length is rounded down to a multiple of 16, so at most 15 extra bytes
> will be needed. But even so, wouldn't it be better to check for exactly the
> amount of space that will be used? Or is it not worth the additional temporary
> variable?
>
>  src/passwd/getgr_r.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
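Editor's note, added to this archived thread and not part of either message: the quoted patch description and the aside about the size check concern the buffer layout every reentrant getgr*_r has to maintain. The caller's buffer must hold the copied group line (which gr_name, gr_passwd and each member pointer point into) and, separately, a pointer-aligned array of nmem+1 char* for gr_mem whose last slot is the NULL terminator. If the terminator slot is not reserved in the size computation it lands on top of text that is already in use, which is exactly how gr_name ends up empty. The stand-alone C program below is an illustration written for this note, not musl's src/passwd/getgr_r.c and not Michael's patch; the function names pack_group and group_buf_needed, the "text first, pointer array after" layout, and the sample lines are all assumptions made here. It computes the exact number of bytes needed (the alternative to the "+32" slack the aside asks about) and returns ERANGE when the caller's buffer is short, as getgrnam_r does.

```c
#include <errno.h>
#include <grp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample lines in /etc/group format (not taken from any real system). */
static const char SAMPLE_LINE[]   = "wheel:x:10:root,alice,bob";
static const char EMPTY_MEMBERS[] = "nogroup:x:65534:";

/* Storage for the demo in main() and for the checks: the union forces the
 * alignment a char* needs, so a caller buffer of this kind is realistic. */
static union { char bytes[256]; char *align; } demo_buf;
static struct group demo_gr;
static struct group *demo_res;

/* Locate the three ':' separators and count gr_mem entries. Returns -1 unless
 * the line has exactly the four fields of a group entry. */
static int find_fields(const char *line, const char *sep[3], size_t *nmem)
{
    sep[0] = strchr(line, ':');
    sep[1] = sep[0] ? strchr(sep[0] + 1, ':') : NULL;
    sep[2] = sep[1] ? strchr(sep[1] + 1, ':') : NULL;
    if (!sep[2] || strchr(sep[2] + 1, ':')) return -1;
    *nmem = 0;
    if (sep[2][1]) {                       /* non-empty member field */
        *nmem = 1;
        for (const char *p = sep[2] + 1; *p; p++)
            if (*p == ',') (*nmem)++;
    }
    return 0;
}

/* Round an address up to the alignment of char*. */
static uintptr_t align_up(uintptr_t p)
{
    return (p + sizeof(char *) - 1) & ~(uintptr_t)(sizeof(char *) - 1);
}

/* Exact byte count pack_group() needs for `line` in a buffer starting at `buf`:
 * the text plus its NUL, padding up to pointer alignment (depends on the
 * address, hence the buf argument), and nmem+1 pointers. The +1 is the NULL
 * terminator of gr_mem; leaving it out is the bug the patch fixes.
 * Returns 0 for a malformed line. */
size_t group_buf_needed(const char *line, const char *buf)
{
    const char *sep[3];
    size_t nmem;
    if (find_fields(line, sep, &nmem) < 0) return 0;
    uintptr_t base = (uintptr_t)buf;
    size_t arr_off = (size_t)(align_up(base + strlen(line) + 1) - base);
    return arr_off + (nmem + 1) * sizeof(char *);
}

/* Reentrant-style packing: text at the front of buf, the NULL-terminated
 * gr_mem array after it, gr pointing into buf. Returns 0 and sets *res on
 * success, ERANGE if buf is too small, EINVAL for a malformed line
 * (buf may already be partially written in the EINVAL case). */
int pack_group(const char *line, struct group *gr, char *buf, size_t size,
               struct group **res)
{
    const char *sep[3];
    size_t nmem;
    *res = NULL;
    if (find_fields(line, sep, &nmem) < 0) return EINVAL;

    size_t need = group_buf_needed(line, buf);
    if (need > size) return ERANGE;

    /* Copy the text, then place the pointer array at the aligned offset that
     * group_buf_needed() accounted for, so the terminator can never overlap it. */
    size_t len = strlen(line);
    memcpy(buf, line, len + 1);
    char **mem = (char **)(buf + need - (nmem + 1) * sizeof(char *));

    /* Split the fields in place by turning each ':' into a NUL. */
    char *f1 = buf + (sep[0] - line), *f2 = buf + (sep[1] - line), *f3 = buf + (sep[2] - line);
    *f1 = *f2 = *f3 = 0;
    gr->gr_name = buf;
    gr->gr_passwd = f1 + 1;
    char *end;
    unsigned long gid = strtoul(f2 + 1, &end, 10);
    if (end == f2 + 1 || *end) return EINVAL;
    gr->gr_gid = (gid_t)gid;

    /* Members: split on ',' and record each start; the reserved last slot takes NULL. */
    size_t i = 0;
    if (f3[1]) {
        mem[i++] = f3 + 1;
        for (char *p = f3 + 1; *p; p++)
            if (*p == ',') { *p = 0; mem[i++] = p + 1; }
    }
    mem[i] = NULL;
    gr->gr_mem = mem;
    *res = gr;
    return 0;
}

int main(void)
{
    int rc = pack_group(SAMPLE_LINE, &demo_gr, demo_buf.bytes, sizeof demo_buf.bytes, &demo_res);
    if (rc) { fprintf(stderr, "pack_group: %s\n", strerror(rc)); return 1; }
    printf("%s gid=%lu members:", demo_res->gr_name, (unsigned long)demo_res->gr_gid);
    for (char **m = demo_res->gr_mem; *m; m++) printf(" %s", *m);
    printf("\nexact bytes needed at this address: %zu\n",
           group_buf_needed(SAMPLE_LINE, demo_buf.bytes));
    return 0;
}
```

Passing exactly group_buf_needed() bytes succeeds and one byte less yields ERANGE, which is the "check for exactly the amount of space that will be used" variant from the aside; the cost is recomputing the member count before the copy rather than a constant slack term. Note that the padding term depends on where the caller's buffer sits in memory, so an exact check has to be made against the actual buffer address, not just the line length.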