This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)
- From: OndÅej BÃlka <neleai at seznam dot cz>
- To: Siddhesh Poyarekar <siddhesh at redhat dot com>
- Cc: Mike Frysinger <vapier at gentoo dot org>, libc-alpha at sourceware dot org
- Date: Wed, 9 Apr 2014 20:22:29 +0200
- Subject: Re: [PATCH] Avoid overlapping addresses to stpcpy calls in nscd (BZ #16760)
- Authentication-results: sourceware.org; auth=none
- References: <20140327040406 dot GA26264 at spoyarek dot pnq dot redhat dot com> <1499542 dot yzGAIksTkn at vapier> <20140327192254 dot GC1982 at domone dot podge> <20140328021321 dot GI31211 at spoyarek dot pnq dot redhat dot com>
On Fri, Mar 28, 2014 at 07:43:22AM +0530, Siddhesh Poyarekar wrote:
> On Thu, Mar 27, 2014 at 08:22:54PM +0100, OndÅej BÃlka wrote:
> > > > Fix this by using memmove instead of stpcpy. Tested x86_64 using
> > > > various combinations of triplets (including NULL and non-NULL ones) to
> > > > verify that this works correctly and there are no regressions.
> > >
> > This could work only with additional assertion that we do not move host
> > forward otherwise it could overwrite user.
>
> If the host, user and domain are out of order, they are copied in
> order into a separate area in the buffer before the memmove. If you
> think there's something else that could move host forward then I don't
> understand and you'll have to elaborate a bit.
>
> Siddhesh
They are in order, its best to show on example what I mean by copying:
host user domain
^
hoshostser domain
hoshost tserdomain
hoshost tser domain