Re: [PATCH 1/7] cleanups: Fix resource leak and buffer overrun in daemon.c

Git development
 help / color / mirror / Atom feed

From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Junio C Hamano <junkio@cox.net>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 1/7] cleanups: Fix resource leak and buffer overrun in daemon.c
Date: Tue, 18 Apr 2006 08:11:06 -0500	[thread overview]
Message-ID: <20060418131106.GD7562@sergelap.austin.ibm.com> (raw)
In-Reply-To: <7vu08rkhey.fsf@assigned-by-dhcp.cox.net>

Quoting Junio C Hamano (junkio@cox.net):
> "Serge E. Hallyn" <serue@us.ibm.com> writes:
> 
> > Address two reports from an automatic code analyzer:
> >
> > 1. In logreport, it is possible to write \0 one
> > character past the end of buf[].
> 
> I am perhaps slower than I usually am today, but it seems to me
> that the code caps msglen to (maxlen-1) and then adds that to
> buflen.
> 
> Now, maxlen is (sizeof(buf)-buflen-1), so that means after
> the "buflen += msglen" happens, buflen is at most:
> 
> 	buflen + (sizeof(buf)-buflen-1) - 1
>         = sizeof(buf) - 2
> 
> And then "buf[buflen++] = '\n'; buf[buflen] = '\0'" happens.
> '\n' is written at sizeof(buf)-2 (or lower index than that) and
> '\0' is written at sizeof(buf)-1 (or lower).  I am unsure how it
> steps beyond the end...

Argh, I had to pull out a sheet of paper, but you are right.  I
misread, and the warning must be about the case where the
snprint "[%ld] " prints out 1023 characters.

> > 2. In socksetup, socklist can be leaked when returning
> > if set_reuse_addr().  Note: dunno why this case returns...
> 
> I am not sure why this part returns either.  It appears to me
> that it should just keep going just like the cases where
> bind/listen fails.

Then perhaps the following is more appropriate.

thanks,
-serge

From: Serge E. Hallyn <serue@us.ibm.com>
Subject: [PATCH] socksetup: don't return on set_reuse_addr() error

The set_reuse_addr() error case was the only error case in
socklist() where we returned rather than continued.  Not sure
why.  Either we must free the socklist, or continue.  This patch
continues on error.

Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>

---

 daemon.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

b589029e3187eed51c3fe6a2715f51bea2159786
diff --git a/daemon.c b/daemon.c
index a1ccda3..776749e 100644
--- a/daemon.c
+++ b/daemon.c
@@ -535,7 +535,7 @@ static int socksetup(int port, int **soc

 		if (set_reuse_addr(sockfd)) {
 			close(sockfd);
-			return 0;	/* not fatal */
+			continue;
 		}

 		if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
-- 
1.2.5

next prev parent reply	other threads:[~2006-04-18 13:11 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-04-17 15:14 [PATCH 0/7] cleanups: intro Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 1/7] cleanups: Fix resource leak and buffer overrun in daemon.c Serge E. Hallyn
2006-04-17 21:42   ` Junio C Hamano
2006-04-18 13:11     ` Serge E. Hallyn [this message]
2006-04-18 19:32       ` Junio C Hamano
2006-04-17 15:14 ` [PATCH 3/7] cleanups: Remove unused vars from combine-diff.c Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 2/7] cleanups: Fix potential bugs in connect.c Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 7/7] cleanups: remove unused variable from exec_cmd.c Serge E. Hallyn
2006-04-17 21:42   ` Junio C Hamano
2006-04-17 15:14 ` [PATCH 5/7] cleanups: Remove unused variable from sha1_file.c Serge E. Hallyn
2006-04-17 21:42   ` Junio C Hamano
2006-04-17 15:14 ` [PATCH 4/7] cleanups: Remove impossible case in quote.c Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 6/7] cleanups: prevent leak of two strduped strings in config.c Serge E. Hallyn

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:a1ccda3 dfblob:776749e )
 OR (
bs:"socksetup: don't return on set_reuse_addr() error" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060418131106.GD7562@sergelap.austin.ibm.com \
    --to=serue@us.ibm.com \
    --cc=git@vger.kernel.org \
    --cc=junkio@cox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox