[ofa-general] Re: [PATCH 4/6] [DAPL v1] fix off-by-one with ia_name

Arlin Davis ardavis at ichips.intel.com
Thu Feb 14 09:25:09 PST 2008


Patrick Marchand Latifi wrote:
> Make sure we stay within bounds when manipulating the ia_name.
> 
> Signed-off-by: Patrick Marchand Latifi <patrick.latifi at qlogic.com>
> ---
> 
>  dat/udat/udat.c |    6 ++----
>  1 files changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/dat/udat/udat.c b/dat/udat/udat.c
> index e458441..c57d421 100644
> --- a/dat/udat/udat.c
> +++ b/dat/udat/udat.c
> @@ -181,7 +181,7 @@ dat_ia_openv (
>  
>      len = dat_os_strlen (name);
>  
> -    if ( DAT_NAME_MAX_LENGTH < len )
> +    if ( DAT_NAME_MAX_LENGTH <= len )
>      {
>  	return DAT_ERROR (DAT_INVALID_PARAMETER, DAT_INVALID_ARG1);
>      }
> @@ -197,7 +197,6 @@ dat_ia_openv (
>      }
>  
>      dat_os_strncpy (info.ia_name, name, len);
> -    info.ia_name[len] = '\0';

Same as DAPL 2.0 patch.

strlen does not include terminating NULL byte and strncpy
will copy no more then len. Revising patch, adding len+1
to get NULL byte with strncpy.

Here is a new patch for DAPL v1.2:

Signed-off by: Arlin Davis <ardavis at ichips.intel.com>

diff --git a/dat/udat/udat.c b/dat/udat/udat.c
index e458441..cac1b93 100644
--- a/dat/udat/udat.c
+++ b/dat/udat/udat.c
@@ -181,7 +181,7 @@ dat_ia_openv (

      len = dat_os_strlen (name);

-    if ( DAT_NAME_MAX_LENGTH < len )
+    if ( DAT_NAME_MAX_LENGTH <= len )
      {
         return DAT_ERROR (DAT_INVALID_PARAMETER, DAT_INVALID_ARG1);
      }
@@ -196,8 +196,7 @@ dat_ia_openv (
         return DAT_ERROR (DAT_INVALID_STATE, 0);
      }

-    dat_os_strncpy (info.ia_name, name, len);
-    info.ia_name[len] = '\0';
+    dat_os_strncpy (info.ia_name, name, len+1);

      info.dapl_version_major = dapl_major;
      info.dapl_version_minor = dapl_minor;
@@ -301,10 +300,9 @@ dat_ia_close (

         len = dat_os_strlen (ia_name);

-       dat_os_assert ( len <= DAT_NAME_MAX_LENGTH );
+       dat_os_assert ( len < DAT_NAME_MAX_LENGTH );

-       dat_os_strncpy (info.ia_name, ia_name, len);
-       info.ia_name[len] = '\0';
+       dat_os_strncpy (info.ia_name, ia_name, len+1);

         info.dapl_version_major = provider_attr.dapl_version_major;
         info.dapl_version_minor = provider_attr.dapl_version_minor;




More information about the general mailing list