From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: from second.openwall.net (second.openwall.net [193.110.157.125]) by inbox.vuxu.org (Postfix) with SMTP id 3D1592338E for ; Tue, 5 Nov 2024 05:56:44 +0100 (CET) Received: (qmail 22338 invoked by uid 550); 5 Nov 2024 04:56:39 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com x-ms-reactions: disallow Received: (qmail 22303 invoked from network); 5 Nov 2024 04:56:38 -0000 From: To: CC: Date: Tue, 5 Nov 2024 12:56:28 +0800 Message-ID: <20241105045628.1542264-1-lihua.zhao.cn@windriver.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20241105030058.GF10433@brightrain.aerifal.cx> References: <20241105030058.GF10433@brightrain.aerifal.cx> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Authority-Analysis: v=2.4 cv=T7feTOKQ c=1 sm=1 tr=0 ts=6729a57e cx=c_pps a=/ZJR302f846pc/tyiSlYyQ==:117 a=/ZJR302f846pc/tyiSlYyQ==:17 a=VlfZXiiP6vEA:10 a=t7CeM3EgAAAA:8 a=uZvujYp8AAAA:8 a=_wtQRX5PYVFbalEd9rIA:9 a=FdTzh2GWekK77mhwV6Dw:22 a=SLzB8X_8jTLwj6mN0q5r:22 X-Proofpoint-GUID: lmtLBlvZg3aS-ctXxAEQgPNtQXAszzsS X-Proofpoint-ORIG-GUID: lmtLBlvZg3aS-ctXxAEQgPNtQXAszzsS X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-11-04_22,2024-11-04_01,2024-09-30_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 bulkscore=0 phishscore=0 lowpriorityscore=0 adultscore=0 clxscore=1015 suspectscore=0 spamscore=0 mlxlogscore=356 malwarescore=0 priorityscore=1501 mlxscore=0 classifier=spam authscore=0 adjust=0 reason=mlx scancount=1 engine=8.21.0-2409260000 definitions=main-2411050033 Subject: [musl] [PATCH v2] mman: correct length check in __shm_mapname From: Lihua Zhao account for leading slashes when comparing against NAME_MAX. Signed-off-by: Lihua Zhao --- According to https://pubs.opengroup.org/onlinepubs/9799919799/: leading character in name is implementation-defined, and that the length limits for the name argument are implementation-defined and need not be the same as the pathname limits {PATH_MAX} and {NAME_MAX}. Although it is implementation-defined, glibc obviously calculates the lead slash. src/mman/shm_open.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/mman/shm_open.c b/src/mman/shm_open.c index 79784bd3..07dbeb96 100644 --- a/src/mman/shm_open.c +++ b/src/mman/shm_open.c @@ -8,19 +8,19 @@ char *__shm_mapname(const char *name, char *buf) { - char *p; - while (*name == '/') name++; - if (*(p = __strchrnul(name, '/')) || p==name || - (p-name <= 2 && name[0]=='.' && p[-1]=='.')) { + const char *s=name, *e; + while (*s == '/') s++; + if (*(e = __strchrnul(s, '/')) || e==s || + (e-s <= 2 && s[0]=='.' && e[-1]=='.')) { errno = EINVAL; return 0; } - if (p-name > NAME_MAX) { + if (e-name > NAME_MAX) { errno = ENAMETOOLONG; return 0; } memcpy(buf, "/dev/shm/", 9); - memcpy(buf+9, name, p-name+1); + memcpy(buf+9, s, e-s+1); return buf; } -- 2.34.1