Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Jun 2016 12:31:51 -0400
From: Rich Felker <dalias@...c.org>
To: Matthew Fernandez <matthew.fernandez@...ta.com.au>
Cc: musl@...ts.openwall.com
Subject: Re: Undetected failures in getdomainname

On Wed, Jun 22, 2016 at 06:15:25PM +1000, Matthew Fernandez wrote:
> Hi all,
> 
> In the tip at time of writing
> (6cec7bc57f599f43f4041cec2093e3c9231dbaab) there are a couple of
> syscalls that are implemented by calling uname, notably gethostname
> and getdomainname. In gethostname, the return value of uname is
> checked and the code returns early if uname fails. However, in
> getdomainname the return value of uname is ignored. I think it
> should be following the same pattern as gethostname. Is this
> correct?

In practice I don't think the difference matters unless someone has
hooked uname to fail (e.g. seccomp or perhaps LSMs), since the syscall
itself can't fail. It wouldn't hurt to make them consistent though.

> Also, gethostname rolls its own strcpy, while getdomainname just
> calls strcpy. However, maybe there is a good reason for this.

As written the behaviors are different. gethostname truncates while
getdomainname returns an error on excessive length. The former is
mandated by POSIX; the latter is documented (but not clearly specified
as a requirement vs just being an optional failure) in the Linux man
page, since getdomainname is not a standard function.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.