Undo commit bfccd62599ef80899929cbbdf7b8f0fc78f8f07b #677
Conversation
|
Hi @Daniel-Abrecht , Thank you for your contribution. Using strcpy is generally not recommended (code analyzer tools). I understand that here it is safe to use it but since was not hurting to change it I did. I probably failed in the len calculus, this need to be reviewed. Do you think, you could look at which one has an issue ? |
|
Both length calculations are wrong. You passed the length of the whole buffer to strncpy, but you passed the buffer with an offset. You would have to substract that offset from the length of the buffer to get the remaining length of the buffer starting from that offset. But I think it's easier and safer to just use the length of the new option/param and add the nullbyte manually. Here is a commit for this: I'm never quiet sure how I should add such changes, if I add it to this pull request it would leaf an unnecessary commit in the git history, but if I open another pull request the discussion get's split into two parts. Can github handle a force push to a commit used to start a pull request? But then the other commit would be lost... |
|
GitHub handles force pushes to pull requests fine and will at least nowadays keep the history as well. So one can still see the old commit for reference. |
|
Ok, I've now made a force push. The new patch just corrects the length calculation and adds the null byte to terminate the strings explicitly. The previous commit seams to have been lost due to that though, it seams github is still not able to retain them if it's the first commit of a pull request. |
|
Hi @Daniel-Abrecht , Looks good to me 👍 |
Reverting commit bfccd62 because it caused a crash in my fuse-nfs builds,
probably because the buffer size given to strncpy was wrong.
Why was this changed in the first place, the additional bound check
seams unnecessary, and it wasn't made sure the string would get null
terminated if it would ever somehow prevent an overflow. The only
way I see this could happen would be if the "opt" argument was changed
by a different thread in this tiny moment between strlen and strcpy,
if that's even possible, and even then, why would anyone ever do that,
an attacker would already have control over the program at that stage.