[ofa-general] Re: [PATCH 3/5 v2] [DAPL v2] Fix off-by-one with ia_name
Patrick Marchand Latifi
patrick.latifi at qlogic.com
Thu Feb 14 10:15:28 PST 2008
I agree with this patch also.
-pat
On Thu, Feb 14, 2008 at 09:21:28AM -0800, Arlin Davis wrote:
> Patrick Marchand Latifi wrote:
> >Make sure we stay within bounds when manipulating the ia_name.
> >
> >Signed-off-by: Patrick Marchand Latifi <patrick.latifi at qlogic.com>
> >---
> >
> > dat/udat/udat.c | 6 ++----
> > 1 files changed, 2 insertions(+), 4 deletions(-)
> >
> >diff --git a/dat/udat/udat.c b/dat/udat/udat.c
> >index bb1c580..0be4c33 100755
> >--- a/dat/udat/udat.c
> >+++ b/dat/udat/udat.c
> >@@ -184,7 +184,7 @@ dat_ia_openv (
> >
> > len = dat_os_strlen (name);
> >
> >- if ( DAT_NAME_MAX_LENGTH < len )
> >+ if ( DAT_NAME_MAX_LENGTH <= len )
> > {
> > return DAT_ERROR (DAT_INVALID_PARAMETER, DAT_INVALID_ARG1);
> > }
> >@@ -200,7 +200,6 @@ dat_ia_openv (
> > }
> >
> > dat_os_strncpy (info.ia_name, name, len);
> >- info.ia_name[len] = '\0';
>
> strlen does not include terminating NULL byte and strncpy
> will copy no more then len. Revising patch, adding len+1
> to get NULL byte with strncpy.
>
> Here is a new patch for DAPL v2.0:
>
> Signed-off by: Arlin Davis <ardavis at ichips.intel.com>
>
> diff --git a/dat/udat/udat.c b/dat/udat/udat.c
> index bb1c580..f3194b0 100755
> --- a/dat/udat/udat.c
> +++ b/dat/udat/udat.c
> @@ -184,7 +184,7 @@ dat_ia_openv (
>
> len = dat_os_strlen (name);
>
> - if ( DAT_NAME_MAX_LENGTH < len )
> + if ( DAT_NAME_MAX_LENGTH <= len )
> {
> return DAT_ERROR (DAT_INVALID_PARAMETER, DAT_INVALID_ARG1);
> }
> @@ -199,8 +199,7 @@ dat_ia_openv (
> return DAT_ERROR (DAT_INVALID_STATE, 0);
> }
>
> - dat_os_strncpy (info.ia_name, name, len);
> - info.ia_name[len] = '\0';
> + dat_os_strncpy (info.ia_name, name, len+1);
>
> info.dapl_version_major = dapl_major;
> info.dapl_version_minor = dapl_minor;
> @@ -324,10 +323,9 @@ dat_ia_close (
>
> len = dat_os_strlen (ia_name);
>
> - dat_os_assert ( len <= DAT_NAME_MAX_LENGTH );
> + dat_os_assert ( len < DAT_NAME_MAX_LENGTH );
>
> - dat_os_strncpy (info.ia_name, ia_name, len);
> - info.ia_name[len] = '\0';
> + dat_os_strncpy (info.ia_name, ia_name, len+1);
>
> info.dapl_version_major = provider_attr.dapl_version_major;
> info.dapl_version_minor = provider_attr.dapl_version_minor;
>
More information about the general
mailing list