bug-hurd

[bug #28446] No checks are made for unterminated strings in RPC messages


From: Carl Fredrik Hammar
Subject: [bug #28446] No checks are made for unterminated strings in RPC messages
Date: Wed, 30 Dec 2009 19:42:21 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091123 Iceweasel/3.5.5 (like Firefox/3.5.5; Debian-3.5.5-1)

URL:
  <http://savannah.gnu.org/bugs/?28446>

                 Summary: No checks are made for unterminated strings in RPC messages
                 Project: The GNU Hurd
            Submitted by: hammy
            Submitted on: Wed 30 Dec 2009 08:42:20 PM CET
                Category: None
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
         Reproducibility: None
              Size (loc): None
         Planned Release: None
                  Effort: 0.00
Wiki-like text discussion box: 

    _______________________________________________________

Details:

Strings in RPCs, such as the filename argument to a dir_lookup,
are not checked if they are terminated by '\0'.  This could lead
to the server segfaulting if it tries to read the string.

Making MIG check that strings are terminated seems like the
proper fix.

I have attached a program that sends an unterminated dir_lookup to
its first argument, which can be used to test how translators
react. For instance, ext2fs reacts by sending ENAMETOOLONG.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 30 Dec 2009 08:42:20 PM CET  Name: unterm-path.c  Size: 6kB   By: hammy

<http://savannah.gnu.org/bugs/download.php?file_id=19398>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?28446>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
