From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,NICE_REPLY_A, SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id AAC2F1FF9C for ; Mon, 26 Oct 2020 19:44:53 +0000 (UTC) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B43B53861867; Mon, 26 Oct 2020 19:44:51 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B43B53861867 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1603741491; bh=n9LLsGTd4UYd3Cz1ArX6VJ/EILqWrDo1i8pFGUH41yg=; h=To:References:Subject:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=daD8rm/jdU0UEfZugov9fA1vJAGTGC0YwOvqWZyEcbNzrOEU25G/9dkL8pDk8eYMx yjR3LiIJGPIvFETIEdCkSlG3/l1lasrmbytiWVmM5jIgQTfL2hq/qT0ZKz60CeAv+e v227XpjiIt2IsyC+kCHSdBPdmxNS1RtjxDQnkG6U= Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com [IPv6:2607:f8b0:4864:20::843]) by sourceware.org (Postfix) with ESMTPS id 0E27E3857831 for ; Mon, 26 Oct 2020 19:44:49 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 0E27E3857831 Received: by mail-qt1-x843.google.com with SMTP id h19so7660431qtq.4 for ; Mon, 26 Oct 2020 12:44:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:references:from:autocrypt:subject:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=n9LLsGTd4UYd3Cz1ArX6VJ/EILqWrDo1i8pFGUH41yg=; b=Z/v0uURmTAUqO6lTik+PrFzoeA6byJYfUv7gpEO0nzhc3lOSl7ND1sZZr8xvC6XMzj dA3LtJLPOb1CG4YJhmK21VmaerXxNWmmL5Uf7exdu4d3iITgLckM0Lj6dVHQwZmtnhxR 8ICYgK06TBgJC1kLfyKP8sKVHfQqEO2/Bhmiu0ZKYxaRjcXXX0PE88j+VHFtUXVFC8iP OddQSgI6vfLRHXC4H9Q3tYDo+VZpVyNoL7KYWXmc/CNv3XARY+5B6/TMCRR4RIe4cdUp ibbvpiMHNaSYcwGKMVzSTKQlBRjIMt7FE+8bjuLZrDT2n1ttn8j1mqCmITiHfLoMLHVE JjGw== X-Gm-Message-State: AOAM531QcoD3i7Y9WlC1WgwtzgKHwgjqsWdhwN6UWDxUVmjj9m/iiyKQ /W8nuDTC7WjQcuHLZ0qKMElX0mtv5aw9KQ== X-Google-Smtp-Source: ABdhPJw1ik5vDfcHwRYue5OkkmNeuH1yTWutz+p+fP7lkzBljFmISnz8HC/g58/bseOSaevk20ZKww== X-Received: by 2002:ac8:64d:: with SMTP id e13mr19233792qth.23.1603741488354; Mon, 26 Oct 2020 12:44:48 -0700 (PDT) Received: from [192.168.1.4] ([177.194.48.209]) by smtp.googlemail.com with ESMTPSA id s16sm7100357qks.18.2020.10.26.12.44.46 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 26 Oct 2020 12:44:47 -0700 (PDT) To: libc-alpha@sourceware.org References: <87lfg6zdl5.wl-chenli@uniontech.com> Autocrypt: addr=adhemerval.zanella@linaro.org; prefer-encrypt=mutual; keydata= mQINBFcVGkoBEADiQU2x/cBBmAVf5C2d1xgz6zCnlCefbqaflUBw4hB/bEME40QsrVzWZ5Nq 8kxkEczZzAOKkkvv4pRVLlLn/zDtFXhlcvQRJ3yFMGqzBjofucOrmdYkOGo0uCaoJKPT186L NWp53SACXguFJpnw4ODI64ziInzXQs/rUJqrFoVIlrPDmNv/LUv1OVPKz20ETjgfpg8MNwG6 iMizMefCl+RbtXbIEZ3TE/IaDT/jcOirjv96lBKrc/pAL0h/O71Kwbbp43fimW80GhjiaN2y WGByepnkAVP7FyNarhdDpJhoDmUk9yfwNuIuESaCQtfd3vgKKuo6grcKZ8bHy7IXX1XJj2X/ BgRVhVgMHAnDPFIkXtP+SiarkUaLjGzCz7XkUn4XAGDskBNfbizFqYUQCaL2FdbW3DeZqNIa nSzKAZK7Dm9+0VVSRZXP89w71Y7JUV56xL/PlOE+YKKFdEw+gQjQi0e+DZILAtFjJLoCrkEX w4LluMhYX/X8XP6/C3xW0yOZhvHYyn72sV4yJ1uyc/qz3OY32CRy+bwPzAMAkhdwcORA3JPb kPTlimhQqVgvca8m+MQ/JFZ6D+K7QPyvEv7bQ7M+IzFmTkOCwCJ3xqOD6GjX3aphk8Sr0dq3 4Awlf5xFDAG8dn8Uuutb7naGBd/fEv6t8dfkNyzj6yvc4jpVxwARAQABtElBZGhlbWVydmFs IFphbmVsbGEgTmV0dG8gKExpbmFybyBWUE4gS2V5KSA8YWRoZW1lcnZhbC56YW5lbGxhQGxp bmFyby5vcmc+iQI3BBMBCAAhBQJXFRpKAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ EKqx7BSnlIjv0e8P/1YOYoNkvJ+AJcNUaM5a2SA9oAKjSJ/M/EN4Id5Ow41ZJS4lUA0apSXW NjQg3VeVc2RiHab2LIB4MxdJhaWTuzfLkYnBeoy4u6njYcaoSwf3g9dSsvsl3mhtuzm6aXFH /Qsauav77enJh99tI4T+58rp0EuLhDsQbnBic/ukYNv7sQV8dy9KxA54yLnYUFqH6pfH8Lly sTVAMyi5Fg5O5/hVV+Z0Kpr+ZocC1YFJkTsNLAW5EIYSP9ftniqaVsim7MNmodv/zqK0IyDB GLLH1kjhvb5+6ySGlWbMTomt/or/uvMgulz0bRS+LUyOmlfXDdT+t38VPKBBVwFMarNuREU2 69M3a3jdTfScboDd2ck1u7l+QbaGoHZQ8ZNUrzgObltjohiIsazqkgYDQzXIMrD9H19E+8fw kCNUlXxjEgH/Kg8DlpoYJXSJCX0fjMWfXywL6ZXc2xyG/hbl5hvsLNmqDpLpc1CfKcA0BkK+ k8R57fr91mTCppSwwKJYO9T+8J+o4ho/CJnK/jBy1pWKMYJPvvrpdBCWq3MfzVpXYdahRKHI ypk8m4QlRlbOXWJ3TDd/SKNfSSrWgwRSg7XCjSlR7PNzNFXTULLB34sZhjrN6Q8NQZsZnMNs TX8nlGOVrKolnQPjKCLwCyu8PhllU8OwbSMKskcD1PSkG6h3r0AquQINBFcVGkoBEACgAdbR Ck+fsfOVwT8zowMiL3l9a2DP3Eeak23ifdZG+8Avb/SImpv0UMSbRfnw/N81IWwlbjkjbGTu oT37iZHLRwYUFmA8fZX0wNDNKQUUTjN6XalJmvhdz9l71H3WnE0wneEM5ahu5V1L1utUWTyh VUwzX1lwJeV3vyrNgI1kYOaeuNVvq7npNR6t6XxEpqPsNc6O77I12XELic2+36YibyqlTJIQ V1SZEbIy26AbC2zH9WqaKyGyQnr/IPbTJ2Lv0dM3RaXoVf+CeK7gB2B+w1hZummD21c1Laua +VIMPCUQ+EM8W9EtX+0iJXxI+wsztLT6vltQcm+5Q7tY+HFUucizJkAOAz98YFucwKefbkTp eKvCfCwiM1bGatZEFFKIlvJ2QNMQNiUrqJBlW9nZp/k7pbG3oStOjvawD9ZbP9e0fnlWJIsj 6c7pX354Yi7kxIk/6gREidHLLqEb/otuwt1aoMPg97iUgDV5mlNef77lWE8vxmlY0FBWIXuZ yv0XYxf1WF6dRizwFFbxvUZzIJp3spAao7jLsQj1DbD2s5+S1BW09A0mI/1DjB6EhNN+4bDB SJCOv/ReK3tFJXuj/HbyDrOdoMt8aIFbe7YFLEExHpSk+HgN05Lg5TyTro8oW7TSMTk+8a5M kzaH4UGXTTBDP/g5cfL3RFPl79ubXwARAQABiQIfBBgBCAAJBQJXFRpKAhsMAAoJEKqx7BSn lIjvI/8P/jg0jl4Tbvg3B5kT6PxJOXHYu9OoyaHLcay6Cd+ZrOd1VQQCbOcgLFbf4Yr+rE9l mYsY67AUgq2QKmVVbn9pjvGsEaz8UmfDnz5epUhDxC6yRRvY4hreMXZhPZ1pbMa6A0a/WOSt AgFj5V6Z4dXGTM/lNManr0HjXxbUYv2WfbNt3/07Db9T+GZkpUotC6iknsTA4rJi6u2ls0W9 1UIvW4o01vb4nZRCj4rni0g6eWoQCGoVDk/xFfy7ZliR5B+3Z3EWRJcQskip/QAHjbLa3pml xAZ484fVxgeESOoaeC9TiBIp0NfH8akWOI0HpBCiBD5xaCTvR7ujUWMvhsX2n881r/hNlR9g fcE6q00qHSPAEgGr1bnFv74/1vbKtjeXLCcRKk3Ulw0bY1OoDxWQr86T2fZGJ/HIZuVVBf3+ gaYJF92GXFynHnea14nFFuFgOni0Mi1zDxYH/8yGGBXvo14KWd8JOW0NJPaCDFJkdS5hu0VY 7vJwKcyHJGxsCLU+Et0mryX8qZwqibJIzu7kUJQdQDljbRPDFd/xmGUFCQiQAncSilYOcxNU EMVCXPAQTteqkvA+gNqSaK1NM9tY0eQ4iJpo+aoX8HAcn4sZzt2pfUB9vQMTBJ2d4+m/qO6+ cFTAceXmIoFsN8+gFN3i8Is3u12u8xGudcBPvpoy4OoG Subject: Re: [PATCH] shm_open/unlink: fix errno if namelen >= NAME_MAX Message-ID: <6d7d271d-282f-7811-5b3f-355f1030b452@linaro.org> Date: Mon, 26 Oct 2020 16:44:44 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <87lfg6zdl5.wl-chenli@uniontech.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Adhemerval Zanella via Libc-alpha Reply-To: Adhemerval Zanella Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" On 16/10/2020 07:09, Chen Li wrote: > > According to linux's manpage and posix's doc, errno should be > set to ENAMETOOLONG if the path exceeds the maximuz length: > > linux man page(http://man7.org/linux/man-pages/man3/shm_open.3.html) > > ``` > ENAMETOOLONG > The length of name exceeds PATH_MAX. > ``` > > posix doc(https://pubs.opengroup.org/onlinepubs/009695399/functions/shm_open.html): > > ``` > [ENAMETOOLONG] > The length of the name argument exceeds {PATH_MAX} or a pathname component is longer than {NAME_MAX}. > ``` > glibc doesn't handle ENAMETOOLONG correctly previously. When the path > exceeds the maximum value, errno was set to EINVAL instead, which > doesn't conform the man page and posix standard. > > This patch removes the NAME_MAX check in SHM_GET_NAME and leaves this > check to open syscall, which should handle maximunize length correctly > inside various filesystem implementations. Although it fixes the errno value for large filenames, it also allows a possible unbounded stack allocation since the resulting path will be issued with alloca. I think it would be good to refactor the code to use a PATH_MAX variable instead, something like: _Bool shm_get_name (const char *prefix, char *shm_name, size shm_path_max) { size_t shm_dirlen; const char *shm_dir = __shm_directory (&shm_dirlen); if (shm_dir == NULL) { __set_errno (ENOSYS); return false; } while (name[0] == '/') ++name; size_t namelen = strlen (name) + 1; if (namelen == 1 || strchr (name, '/') != NULL) { __set_errno (EINVAL); result false; } if (shm_dirlen + namelen > shm_path_max) { __set_errno (ENAMETOOLONG); result false; } __mempcpy (__memcpy (shm_name, shm_dir, shm_dirlen), name, namelen); return true; } It would be good to move shm_get_name to its own implementation file as well (since it is used on both shm_open and shm_unlink). So on sysdeps/posix/shm_open.c: int shm_open (const char *name, int oflag, mode_t mode) { char shm_path[PATH_MAX]; if (! shm_get_name (shm_path, sizeof shm_path)) return SEM_FAILED; [...] } > --- > sysdeps/posix/shm-directory.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/sysdeps/posix/shm-directory.h b/sysdeps/posix/shm-directory.h > index c7979ebb72..5a1aab2c14 100644 > --- a/sysdeps/posix/shm-directory.h > +++ b/sysdeps/posix/shm-directory.h > @@ -53,7 +53,7 @@ extern const char *__shm_directory (size_t *len); > ++name; \ > size_t namelen = strlen (name) + 1; \ > /* Validate the filename. */ \ > - if (namelen == 1 || namelen >= NAME_MAX || strchr (name, '/') != NULL) \ > + if (namelen == 1 || strchr (name, '/') != NULL) \ > { \ > __set_errno (errno_for_invalid); \ > return retval_for_invalid; \ > >