From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 9593 invoked from network); 27 Aug 2021 16:49:46 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 27 Aug 2021 16:49:46 -0000 Received: (qmail 24363 invoked by uid 550); 27 Aug 2021 16:49:41 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 24345 invoked from network); 27 Aug 2021 16:49:41 -0000 Date: Fri, 27 Aug 2021 12:49:28 -0400 From: Rich Felker To: =?utf-8?B?w4lyaWNv?= Nogueira Cc: musl@lists.openwall.com, Alyssa Ross Message-ID: <20210827164928.GW13220@brightrain.aerifal.cx> References: <20210821085420.474615-4-hi@alyssa.is> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] [PATCH musl 3/3] mntent: fix parsing lines with optional fields On Fri, Aug 27, 2021 at 12:27:36PM -0300, Érico Nogueira wrote: > On Sat Aug 21, 2021 at 5:54 AM -03, Alyssa Ross wrote: > > According to fstab(5), the last two fields are optional, but this > > wasn't accepted by Musl. After this change, only the first field is > > required, which matches Glibc's behaviour. > > > > Using sscanf as before, it would have been impossible to differentiate > > between 0 fields and 4 fields, because sscanf would have returned 0 in > > both cases due to the use of assignment suppression and %n for the > > string fields (which is important to avoid copying any strings). So > > instead, before calling sscanf, initialize every string to the empty > > string, and then we can check which strings are empty afterwards to > > know how many fields were matched. > > Besides typing change noted below, the change sounds reasonable. > > If you want to fix another issue around mntent, hasmntopts has some > troubles too :p > > > --- > > > > We could also be stricter about it, and enforce that the first four > > fields are present, since the man page says only the last two are > > optional. Doing that would be a simple change of checking for the > > presence of mnt_opts instead of mnt_fsname at the end of my patch. > > > > src/misc/mntent.c | 18 +++++++++++++----- > > 1 file changed, 13 insertions(+), 5 deletions(-) > > > > diff --git a/src/misc/mntent.c b/src/misc/mntent.c > > index eabb8200..5a68f0b9 100644 > > --- a/src/misc/mntent.c > > +++ b/src/misc/mntent.c > > @@ -21,7 +21,8 @@ int endmntent(FILE *f) > > > > struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, > > int buflen) > > { > > - int cnt, n[8], use_internal = (linebuf == SENTINEL); > > + int use_internal = (linebuf == SENTINEL); > > + size_t len, i, n[8]; > > Try avoiding unrelated changes in the commit, since they can introduce > subtle bugs. In this case, making n size_t[] instead of int[] will lead > to pointer type mismatches in the sscanf call, given that %n expects an > int*. > > I don't know if *scanf guarantees it won't read enough to go past For *scanf in general there is no such guarantee; not even size_t is safe for fscanf. However, here you have sscanf and the number is bounded by strlen(linebuf). > INT_MAX, though, so making a change to size_t[] and using %ln might make > sense. Deferring to someone else to answer that. The conversion specifier for size_t is %zu not %ln. Since in theory strlen(linebuf) could be more than INT_MAX, I think this change should be made, but it should be a separate bugfix. Rich