Undetected failures in getdomainname

Undetected failures in getdomainname

[Matthew Fernandez]

Hi all,

In the tip at time of writing (6cec7bc57f599f43f4041cec2093e3c9231dbaab) there are a couple of
syscalls that are implemented by calling uname, notably gethostname and getdomainname. In
gethostname, the return value of uname is checked and the code returns early if uname fails.
However, in getdomainname the return value of uname is ignored. I think it should be following the
same pattern as gethostname. Is this correct?

Also, gethostname rolls its own strcpy, while getdomainname just calls strcpy. However, maybe there
is a good reason for this.

If replying, please CC me directly as I'm not on the list.

Thanks,
Matthew

________________________________

The information in this e-mail may be confidential and subject to legal professional privilege and/or copyright. National ICT Australia Limited accepts no liability for any damage caused by this email or its attachments.

Re: Undetected failures in getdomainname

[Rich Felker]

On Wed, Jun 22, 2016 at 06:15:25PM +1000, Matthew Fernandez wrote:
> Hi all,
> 
> In the tip at time of writing
> (6cec7bc57f599f43f4041cec2093e3c9231dbaab) there are a couple of
> syscalls that are implemented by calling uname, notably gethostname
> and getdomainname. In gethostname, the return value of uname is
> checked and the code returns early if uname fails. However, in
> getdomainname the return value of uname is ignored. I think it
> should be following the same pattern as gethostname. Is this
> correct?

In practice I don't think the difference matters unless someone has
hooked uname to fail (e.g. seccomp or perhaps LSMs), since the syscall
itself can't fail. It wouldn't hurt to make them consistent though.

> Also, gethostname rolls its own strcpy, while getdomainname just
> calls strcpy. However, maybe there is a good reason for this.

As written the behaviors are different. gethostname truncates while
getdomainname returns an error on excessive length. The former is
mandated by POSIX; the latter is documented (but not clearly specified
as a requirement vs just being an optional failure) in the Linux man
page, since getdomainname is not a standard function.

Rich

Re: Undetected failures in getdomainname

[Matthew Fernandez]

On 23/06/16 02:31, Rich Felker wrote:
> On Wed, Jun 22, 2016 at 06:15:25PM +1000, Matthew Fernandez wrote:
>> Hi all,
>>
>> In the tip at time of writing
>> (6cec7bc57f599f43f4041cec2093e3c9231dbaab) there are a couple of
>> syscalls that are implemented by calling uname, notably gethostname
>> and getdomainname. In gethostname, the return value of uname is
>> checked and the code returns early if uname fails. However, in
>> getdomainname the return value of uname is ignored. I think it
>> should be following the same pattern as gethostname. Is this
>> correct?
>
> In practice I don't think the difference matters unless someone has
> hooked uname to fail (e.g. seccomp or perhaps LSMs), since the syscall
> itself can't fail. It wouldn't hurt to make them consistent though.

Good point. I hadn't factored in that the only uname failure case is when the buffer is invalid, which can never occur
when called from getdomainname.

>> Also, gethostname rolls its own strcpy, while getdomainname just
>> calls strcpy. However, maybe there is a good reason for this.
>
> As written the behaviors are different. gethostname truncates while
> getdomainname returns an error on excessive length. The former is
> mandated by POSIX; the latter is documented (but not clearly specified
> as a requirement vs just being an optional failure) in the Linux man
> page, since getdomainname is not a standard function.

Ah, nice. Learned something new today :) Thanks, Rich.

________________________________

The information in this e-mail may be confidential and subject to legal professional privilege and/or copyright. National ICT Australia Limited accepts no liability for any damage caused by this email or its attachments.