[ofa-general] Re: [PATCH 3/5 v2] [DAPL v2] Fix off-by-one with ia_name

Patrick Marchand Latifi patrick.latifi at qlogic.com
Thu Feb 14 10:15:28 PST 2008


I agree with this patch also.

-pat

On Thu, Feb 14, 2008 at 09:21:28AM -0800, Arlin Davis wrote:
> Patrick Marchand Latifi wrote:
> >Make sure we stay within bounds when manipulating the ia_name.
> >
> >Signed-off-by: Patrick Marchand Latifi <patrick.latifi at qlogic.com>
> >---
> >
> > dat/udat/udat.c |    6 ++----
> > 1 files changed, 2 insertions(+), 4 deletions(-)
> >
> >diff --git a/dat/udat/udat.c b/dat/udat/udat.c
> >index bb1c580..0be4c33 100755
> >--- a/dat/udat/udat.c
> >+++ b/dat/udat/udat.c
> >@@ -184,7 +184,7 @@ dat_ia_openv (
> > 
> >     len = dat_os_strlen (name);
> > 
> >-    if ( DAT_NAME_MAX_LENGTH < len )
> >+    if ( DAT_NAME_MAX_LENGTH <= len )
> >     {
> > 	return DAT_ERROR (DAT_INVALID_PARAMETER, DAT_INVALID_ARG1);
> >     }
> >@@ -200,7 +200,6 @@ dat_ia_openv (
> >     }
> > 
> >     dat_os_strncpy (info.ia_name, name, len);
> >-    info.ia_name[len] = '\0';
> 
> strlen does not include terminating NULL byte and strncpy
> will copy no more then len. Revising patch, adding len+1
> to get NULL byte with strncpy.
> 
> Here is a new patch for DAPL v2.0:
> 
> Signed-off by: Arlin Davis <ardavis at ichips.intel.com>
> 
> diff --git a/dat/udat/udat.c b/dat/udat/udat.c
> index bb1c580..f3194b0 100755
> --- a/dat/udat/udat.c
> +++ b/dat/udat/udat.c
> @@ -184,7 +184,7 @@ dat_ia_openv (
> 
>      len = dat_os_strlen (name);
> 
> -    if ( DAT_NAME_MAX_LENGTH < len )
> +    if ( DAT_NAME_MAX_LENGTH <= len )
>      {
>         return DAT_ERROR (DAT_INVALID_PARAMETER, DAT_INVALID_ARG1);
>      }
> @@ -199,8 +199,7 @@ dat_ia_openv (
>         return DAT_ERROR (DAT_INVALID_STATE, 0);
>      }
> 
> -    dat_os_strncpy (info.ia_name, name, len);
> -    info.ia_name[len] = '\0';
> +    dat_os_strncpy (info.ia_name, name, len+1);
> 
>      info.dapl_version_major = dapl_major;
>      info.dapl_version_minor = dapl_minor;
> @@ -324,10 +323,9 @@ dat_ia_close (
> 
>         len = dat_os_strlen (ia_name);
> 
> -       dat_os_assert ( len <= DAT_NAME_MAX_LENGTH );
> +       dat_os_assert ( len < DAT_NAME_MAX_LENGTH );
> 
> -       dat_os_strncpy (info.ia_name, ia_name, len);
> -       info.ia_name[len] = '\0';
> +       dat_os_strncpy (info.ia_name, ia_name, len+1);
> 
>         info.dapl_version_major = provider_attr.dapl_version_major;
>         info.dapl_version_minor = provider_attr.dapl_version_minor;
> 



More information about the general mailing list