From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 01/12] toolchain-external: instrument wrapper to warn about unsafe paths
Date: Wed, 10 Sep 2014 22:18:30 +0200 [thread overview]
Message-ID: <20140910221830.5e94360a@free-electrons.com> (raw)
In-Reply-To: <20140910194239.GB4155@free.fr>
Yann,
On Wed, 10 Sep 2014 21:42:39 +0200, Yann E. MORIN wrote:
> At long last, here is a preliminary review of this series...
Thanks a lot for looking into this!
> > +static void check_unsafe_path(const char *path, int paranoid)
> > +{
> > + char **c;
> > + char *unsafe_paths[] = {
> > + "/usr/include", "/usr/lib", "/usr/local/include", "/usr/local/lib", NULL,
>
> Make it a global variable, or at least a static one.
Right.
> > + };
> > +
> > + for (c = unsafe_paths; *c != NULL; c++) {
> > + if (!strncmp(path, *c, strlen(*c))) {
> > + fprintf(stderr, "%s: unsafe header/library path used in cross-compilation: '%s'\n",
> > + paranoid ? "ERROR" : "WARNING", path);
>
> It could be nice to also print the name of the executable that is
> running, something like:
>
> fprintf(stderr,"%s: %s: unsafe....'%s'\n",
> program_invocation_short_name,
> paranoid ? "ERROR" : "WARNING", path);
>
> program_invocation_short_name is a glibcism, so it would only work on
> glibc, or Clibc with the option enabled. Also requires:
> #define _GNU_SOURCE
> #include <errno.h>
Right, ok.
> > + /* We handle two cases: first the case where -I/-L and
> > + * the path are separated by one space and therefore
> > + * visible as two separate options, and then the case
> > + * where they are stuck together forming one single
> > + * option.
> > + */
> > + if (strlen(argv[i]) == 2) {
>
> argv[*] are passed by the user, so better not trust them. What about:
>
> if (argv[i][2]!='\0') {
> ...;
> }
This makes an assumption on the length of argv[i], which is even worse,
IMO. I don't see why strlen(argv[i]) would be unsafe, actually.
> > + if (i == argc)
> > + continue;
>
> 'i' can not be == argc, because 'i' is an array index, and argc is the
> number of entries in the array. If you want to test whether that's the
> last argument, you should do:
>
> if (i+1 == argc) { ...; }
>
> or:
> i++;
> if (i == argc) { ...; }
>
> I think the second option is better, since that way you also skip
> re-testign that argv in the next loop.
>
> Also, I'd use break instead of continue, since the loop is finished
> anyway.
Right, good point.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
next prev parent reply other threads:[~2014-09-10 20:18 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-20 13:06 [Buildroot] [PATCH 00/12] toolchain: warn for unsafe library/header paths Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 01/12] toolchain-external: instrument wrapper to warn about unsafe paths Thomas Petazzoni
2014-09-10 19:42 ` Yann E. MORIN
2014-09-10 20:18 ` Thomas Petazzoni [this message]
2014-09-10 20:23 ` Yann E. MORIN
2014-08-20 13:06 ` [Buildroot] [PATCH 02/12] binutils/2.24: add patch to warn about unsafe library paths Thomas Petazzoni
2014-09-10 19:52 ` Yann E. MORIN
2014-09-10 20:19 ` Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 03/12] binutils/2.23: " Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 04/12] binutils/2.22: " Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 05/12] binutils/arc-4.8-R3: " Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 06/12] gcc/4.9: add patch to warn about unsafe header paths Thomas Petazzoni
2014-09-10 20:08 ` Yann E. MORIN
2014-09-10 20:24 ` Thomas Petazzoni
2014-09-10 22:10 ` Yann E. MORIN
2014-08-20 13:06 ` [Buildroot] [PATCH 07/12] gcc/4.8: " Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 08/12] gcc/arc-4.8-R3: " Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 09/12] gcc/4.7: " Thomas Petazzoni
2014-08-20 13:06 ` [Buildroot] [PATCH 10/12] gcc: enable poison system directories option Thomas Petazzoni
2014-09-10 20:09 ` Yann E. MORIN
2014-08-20 13:06 ` [Buildroot] [PATCH 11/12] binutils: " Thomas Petazzoni
2014-09-10 20:09 ` Yann E. MORIN
2014-08-20 13:06 ` [Buildroot] [PATCH 12/12] Add option for paranoid unsafe path checking Thomas Petazzoni
2014-09-10 20:12 ` Yann E. MORIN
2014-08-21 20:30 ` [Buildroot] [PATCH 00/12] toolchain: warn for unsafe library/header paths Romain Naour
2014-08-21 21:33 ` Thomas Petazzoni
2014-08-22 16:30 ` Yann E. MORIN
2014-08-22 19:29 ` Thomas De Schampheleire
2014-08-24 11:22 ` Yann E. MORIN
2014-08-26 20:14 ` Arnout Vandecappelle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140910221830.5e94360a@free-electrons.com \
--to=thomas.petazzoni@free-electrons.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox