This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: Potential Ada tweak: those who know ada please comment.


Zack Weinberg wrote:
Nathanael Nerode <neroden@twcny.rr.com> writes:


I was told that this is in fact the correct way to solve the buffer
overflow problem.  What do I know?  Nothing.  So I'm throwing it to the list.
...

-    sprintf (tmp_filename, "%200s/gnat-XXXXXX", tmpdir);
+    sprintf (tmp_filename, "%.200s/gnat-XXXXXX", tmpdir);
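
Review bot: On the "+" line, the precision in %.200s bounds the copy but silently truncates a longer tmpdir, so the template ends up naming a directory other than the one requested. The hunk also does not show that tmp_filename can hold 200 bytes plus the 12-character "/gnat-XXXXXX" suffix and its terminator. Suggest comparing strlen (tmpdir) plus the suffix length against the buffer size and reporting an error before the sprintf, rather than truncating.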

Yes, in the sense that %200s won't stop it overflowing the buffer and
%.200s will.  No, in the sense that this fails in an unpredictable
manner if the string is too long.

The actual length of the buffer is __gnat_max_path_len-1 bytes (since
these C routines require one byte for a terminator), so the _proper_
fix would look more like

  tmpdir = getenv ("TMPDIR");
  tmplen = strlen (tmpdir);

  if (tmplen + sizeof "/gnat-XXXXXX" >= __gnat_max_path_len)
    // signal an error

  sprintf(tmp_filename, "%s/gnat-XXXXXX", tmpdir); // now safe

zw


OK, someone please write a patch which is correct and commit it as obvious. *rolls eyes* Maybe I'll reopen the bug. This type of material is so not my field.
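
The difference between the field width %200s and the precision %.200s discussed in this thread, together with the length check sketched in the quoted reply, as an added example that is not part of the original messages or of the GNAT sources. The helper build_template, its out_size parameter and the 256-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SUFFIX "/gnat-XXXXXX"   /* 12 characters; sizeof SUFFIX is 13 with the NUL */

/* Length sprintf would produce with a field WIDTH of 200 (the "-" line).
   snprintf with a zero size only measures; nothing is written. */
int len_with_width(const char *tmpdir)
{
    return snprintf(NULL, 0, "%200s" SUFFIX, tmpdir);
}

/* Length with a PRECISION of 200 (the "+" line). */
int len_with_precision(const char *tmpdir)
{
    return snprintf(NULL, 0, "%.200s" SUFFIX, tmpdir);
}

/* Hypothetical helper: write "<tmpdir>/gnat-XXXXXX" into out (out_size bytes).
   Returns 0 on success, -1 if tmpdir is NULL or the result would not fit. */
int build_template(char *out, size_t out_size, const char *tmpdir)
{
    size_t tmplen;

    if (tmpdir == NULL || out_size < sizeof SUFFIX)
        return -1;
    tmplen = strlen(tmpdir);
    if (tmplen > out_size - sizeof SUFFIX)
        return -1;                               /* reject instead of truncating */
    memcpy(out, tmpdir, tmplen);
    memcpy(out + tmplen, SUFFIX, sizeof SUFFIX); /* copies the NUL too */
    return 0;
}

int main(void)
{
    char long_dir[301], buf[256];                /* constructed sample input */

    memset(long_dir, 'a', 300);
    long_dir[300] = '\0';
    printf("width:     short=%d long=%d\n",
           len_with_width("/tmp"), len_with_width(long_dir));
    printf("precision: short=%d long=%d\n",
           len_with_precision("/tmp"), len_with_precision(long_dir));
    printf("checked:   short=%d long=%d\n",
           build_template(buf, sizeof buf, "/tmp"),
           build_template(buf, sizeof buf, long_dir));
    return 0;
}
```

With the width form a short path such as /tmp is padded with spaces to 200 characters and a long one is not limited at all. With the precision form the 300-byte path is cut to 200 bytes, which is the silent truncation the checked version refuses.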



