From: Warner Losh <imp@bsdimp.com>
To: qemu-devel@nongnu.org, anthony@codemonkey.ws
Subject: Re: [Qemu-devel] Use of PATH_MAX
Date: Fri, 16 May 2008 08:09:40 -0600 (MDT)
Message-ID: <20080516.080940.74651723.imp@bsdimp.com>
In-Reply-To: <482D9387.7070807@codemonkey.ws>

From: Anthony Liguori <anthony@codemonkey.ws>
Subject: Re: [Qemu-devel] Use of PATH_MAX
Date: Fri, 16 May 2008 09:00:39 -0500
> Ian Jackson wrote:
> > There are a couple of places where we use PATH_MAX. I don't think
> > this is right. PATH_MAX is a #define specified by POSIX, SUSv3 etc.
> > But it isn't guaranteed to be defined or necessarily very useful.
> >
> > In particular, it may be defined to a very large value (larger than a
> > practical static buffer). Or on systems where the maximum pathname
> > length varies (for example, it depends on the underlying filesystem)
> > it may be not defined at all and applications which really need to
> > know are supposed to use pathconf.
> >
> > I think it would be better to invent a new name for the maximum path
> > length supported by qemu's statically-sized buffers. This would
> > replace both the uses of PATH_MAX (in block.c, linux-user/path.c, and
> > block-vvfat.c) but also direct use of (eg) 1024 in many places.
> >
>
> It would be far better to get rid of instances of PATH_MAX and replace
> them with dynamically allocated buffers. The use of static sized
> buffers for filenames is just asking for subtle bugs (and possibly even
> security problems).

As is the use of dynamic buffers. If you don't always test system
call return value, you can get odd new failures. If you don't provide
a sane upper bound, then you get DoS attacks...

Warner