From: Junio C Hamano <junkio@cox.net>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 1/7] cleanups: Fix resource leak and buffer overrun in daemon.c
Date: Mon, 17 Apr 2006 14:42:45 -0700 [thread overview]
Message-ID: <7vu08rkhey.fsf@assigned-by-dhcp.cox.net> (raw)
In-Reply-To: 20060417151447.D4FE619B90E@sergelap.hallyn.com
"Serge E. Hallyn" <serue@us.ibm.com> writes:
> Address two reports from an automatic code analyzer:
>
> 1. In logreport, it is possible to write \0 one
> character past the end of buf[].
I am perhaps slower than I usually am today, but it seems to me
that the code caps msglen to (maxlen-1) and then adds that to
buflen.
Now, maxlen is (sizeof(buf)-buflen-1), so that means after
the "buflen += msglen" happens, buflen is at most:
buflen + (sizeof(buf)-buflen-1) - 1
= sizeof(buf) - 2
And then "buf[buflen++] = '\n'; buf[buflen] = '\0'" happens.
'\n' is written at sizeof(buf)-2 (or lower index than that) and
'\0' is written at sizeof(buf)-1 (or lower). I am unsure how it
steps beyond the end...
> 2. In socksetup, socklist can be leaked when returning
> if set_reuse_addr(). Note: dunno why this case returns...
I am not sure why this part returns either. It appears to me
that it should just keep going just like the cases where
bind/listen fails.
next prev parent reply other threads:[~2006-04-17 21:42 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-17 15:14 [PATCH 0/7] cleanups: intro Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 1/7] cleanups: Fix resource leak and buffer overrun in daemon.c Serge E. Hallyn
2006-04-17 21:42 ` Junio C Hamano [this message]
2006-04-18 13:11 ` Serge E. Hallyn
2006-04-18 19:32 ` Junio C Hamano
2006-04-17 15:14 ` [PATCH 3/7] cleanups: Remove unused vars from combine-diff.c Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 2/7] cleanups: Fix potential bugs in connect.c Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 7/7] cleanups: remove unused variable from exec_cmd.c Serge E. Hallyn
2006-04-17 21:42 ` Junio C Hamano
2006-04-17 15:14 ` [PATCH 6/7] cleanups: prevent leak of two strduped strings in config.c Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 4/7] cleanups: Remove impossible case in quote.c Serge E. Hallyn
2006-04-17 15:14 ` [PATCH 5/7] cleanups: Remove unused variable from sha1_file.c Serge E. Hallyn
2006-04-17 21:42 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vu08rkhey.fsf@assigned-by-dhcp.cox.net \
--to=junkio@cox.net \
--cc=git@vger.kernel.org \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox