This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Potential Ada tweak: those who know ada please comment.

From: Zack Weinberg <zack at codesourcery dot com>
To: Nathanael Nerode <neroden at twcny dot rr dot com>
Cc: gcc-patches at gcc dot gnu dot org
Date: Fri, 15 Nov 2002 18:07:21 -0800
Subject: Re: Potential Ada tweak: those who know ada please comment.
References: <20021116013349.GA10051@doctormoo>

Nathanael Nerode <neroden@twcny.rr.com> writes:

> I was told that this is in fact the correct way to solve the buffer
> overflow problem.  What do I know?  Nothing.  So I'm throwing it to the list.
...
> -    sprintf (tmp_filename, "%200s/gnat-XXXXXX", tmpdir);
> +    sprintf (tmp_filename, "%.200s/gnat-XXXXXX", tmpdir);

Yes, in the sense that %200s won't stop it overflowing the buffer and
%.200s will.  No, in the sense that this fails in an unpredictable
manner if the string is too long.

The actual length of the buffer is __gnat_max_path_len-1 bytes (since
these C routines require one byte for a terminator), so the _proper_
fix would look more like

  tmpdir = getenv (TMPDIR);
  tmplen = strlen (tmplen);

  if (tmplen + sizeof "/gnat-XXXXXX" >= __gnat_max_path_len)
    // signal an error

  sprintf(tmp_filename, "%s/gnat-XXXXXX", tmpdir); // now safe

zw

Follow-Ups:
- Re: Potential Ada tweak: those who know ada please comment.
  - From: Nathanael Nerode

References:
- Potential Ada tweak: those who know ada please comment.
  - From: Nathanael Nerode

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]