
route: avoid overlapping strcpy(3)
Abandoned, Public

Authored by kevans on Jul 23 2024, 6:19 AM.

Details

Reviewers
emaste
fuz
Group Reviewers
Klara
Summary

strcpy(3) does not guarantee any particular outcome for aliasing
violations in dst/src. Furthermore, _FORTIFY_SOURCE will outright
abort. Switch to memmove(3) for an overlap-safe copy.

While we're here, improve the readability slightly by giving cp a
more sensible name, and using sizeof() for the gethostname(3) buffer
size to formalize our assumption that we still have room for us to
NUL-terminate the buffer to be safe.

Sponsored by: Klara, Inc.
Sponsored by: Stormshield

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 58766
Build 55654: arc lint + arc unit

Event Timeline

In trying to figure out why I hadn't found this in my smoke-tests, I discovered I had fixed this in another branch from when I initially did the work. Attaching the alternate version, I'm not sure which I prefer; that one just avoids copying by making domain a pointer into domain-renamed-to-domain_storage.

{F89079343}

Wouldn't it be much simpler to just keep a pointer to the domain part around rather than moving it to the beginning of the domain array?

In D46069#1050289, @fuz wrote:

Wouldn't it be much simpler to just keep a pointer to the domain part around rather than moving it to the beginning of the domain array?

That seems to be what Kyle did here: https://reviews.freebsd.org/D32615

Consensus moves for the first attempt
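
The two approaches weighed in this review, side by side, as an added example that is not the route(8) source or either submitted patch. The function names, the `HOSTBUF_LEN` size and the sample hostname are constructed for illustration, and the buffer is passed in rather than filled by gethostname(3) so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a hostname buffer with room for the NUL. */
#define HOSTBUF_LEN 257

/*
 * Variant 1: shift the domain part to the front of the same buffer.
 * Source and destination overlap, so strcpy(3) is undefined here (and
 * aborts under _FORTIFY_SOURCE); memmove(3) is overlap-safe.
 */
static size_t
domain_in_place(char *buf, size_t buflen)
{
	char *dot;
	size_t len;

	buf[buflen - 1] = '\0';		/* terminate before any str*() call */
	dot = strchr(buf, '.');
	if (dot == NULL) {
		buf[0] = '\0';		/* no domain part */
		return (0);
	}
	len = strlen(dot + 1);
	memmove(buf, dot + 1, len + 1);	/* +1 carries the terminating NUL */
	return (len);
}

/* Variant 2: no copy at all, just a pointer into the storage. */
static const char *
domain_by_pointer(char *storage, size_t buflen)
{
	char *dot;

	storage[buflen - 1] = '\0';
	dot = strchr(storage, '.');
	return (dot != NULL ? dot + 1 : "");
}

int
main(void)
{
	char a[HOSTBUF_LEN] = "gw1.lab.example.org";	/* constructed */
	char b[HOSTBUF_LEN] = "gw1.lab.example.org";

	domain_in_place(a, sizeof(a));
	printf("%s\n%s\n", a, domain_by_pointer(b, sizeof(b)));
	return (0);
}
```

Variant 2 leaves the full hostname intact in the storage array, so the returned pointer is only valid while that array is.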