Closed Bug 835029 Opened 13 years ago Closed 12 years ago

[patch] Readlink - off-by-one

Categories

(Core :: General, defect)

Tracking

RESOLVED FIXED
mozilla28

People

(Reporter: rustyBSD, Assigned: rustyBSD)

Attachments

(1 file, 1 obsolete file)

Attached patch firefox.diff (obsolete)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20130109165059

Steps to reproduce:
Looked at the code

Actual results:
Found mistakes

Expected results:
The readlink() function is sometimes misused, see this: https://www.securecoding.cert.org/confluence/display/seccode/POS30-C.+Use+the+readlink%28%29+function+properly
Patch attached.
OS: Linux → All
Hardware: x86_64 → All
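The readlink() usage the report refers to, as an added example that is not part of the original bug thread or the attached patch. The names read_link_str and demo_roundtrip are hypothetical, and treating a completely filled buffer as truncation is a stricter policy chosen for this example.

```c
#define _XOPEN_SOURCE 700 /* readlink, symlink, mkdtemp */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: read a symlink target into buf as a C string.
 * Returns its length, or -1 with errno set (ENAMETOOLONG when the
 * target filled the buffer and may have been silently truncated). */
ssize_t read_link_str(const char *path, char *buf, size_t bufsize)
{
    if (bufsize < 2) { errno = EINVAL; return -1; }
    /* Reserve one byte: readlink() never writes a terminating NUL. */
    ssize_t n = readlink(path, buf, bufsize - 1);
    if (n < 0) return -1;               /* errno set by readlink() */
    if ((size_t)n == bufsize - 1) {     /* no way to tell fit from cut */
        errno = ENAMETOOLONG;
        return -1;
    }
    buf[n] = '\0';                      /* n <= bufsize - 2: in bounds */
    return n;
}

/* Demo on constructed input: symlink to `target` in a fresh temp dir,
 * read back through `bufsize` bytes, clean up. -2 means setup failed. */
ssize_t demo_roundtrip(const char *target, char *buf, size_t bufsize)
{
    char dir[] = "/tmp/rl-demo-XXXXXX", lnk[64];
    if (mkdtemp(dir) == NULL)
        return -2;
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if (symlink(target, lnk) != 0) { rmdir(dir); return -2; }
    ssize_t n = read_link_str(lnk, buf, bufsize);
    int saved = errno;                  /* keep the reader's errno */
    unlink(lnk);
    rmdir(dir);
    errno = saved;
    return n;
}

int main(void)
{
    char buf[256];
    ssize_t n = demo_roundtrip("/constructed/target", buf, sizeof buf);
    if (n >= 0)
        printf("%zd bytes: %s\n", n, buf);
    return n < 0;
}
```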
A patch in 2 different areas of the code can complicate the review, but thanks for the patch! You should also request a review from someone or the patch could be overlooked.
Status: UNCONFIRMED → NEW
Component: Untriaged → General
Ever confirmed: true
Product: Firefox → Core
Attachment #706768 - Flags: review?(bsmith)
Comment on attachment 706768 [details] [diff] [review] firefox.diff Review of attachment 706768 [details] [diff] [review]: ----------------------------------------------------------------- We will have to check the security/coreconf fix into NSS separately from the toolkit/ fix. ::: security/coreconf/nsinstall/pathsub.c @@ +240,4 @@ > if (rv < 0) { > perror(myPath); > } else if (S_ISLNK(sb.st_mode)) { > + rv = readlink(myPath, buf, sizeof buf-1); Please put spaces around "-", i.e. "sizeof buf - 1" ::: toolkit/crashreporter/google-breakpad/src/client/solaris/handler/minidump_generator.cc @@ +511,4 @@ > int count; > > snprintf(path, sizeof (path), "/proc/self/path/%s", module_info.name); > + if ((count = readlink(path, buf, PATH_MAX-1)) < 0) ditto: "PATH_MAX - 1"
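Review bot: In the security/coreconf/nsinstall/pathsub.c hunk, the added `rv = readlink(myPath, buf, sizeof buf-1);` reserves a byte for the terminator, but nothing in the visible lines writes it. readlink() does not NUL-terminate its output, so the reservation only fixes the off-by-one if the code that follows checks rv >= 0 and then sets buf[rv] = '\0'; please confirm that, or add it in this patch. `sizeof buf` is also the buffer size only if buf is an array in this scope rather than a pointer, which the hunk does not show.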
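Review bot: In the toolkit/crashreporter/google-breakpad/src/client/solaris/handler/minidump_generator.cc hunk, the readlink() call bounds the read with PATH_MAX-1 instead of the destination itself, while the snprintf() one line above uses sizeof (path). Prefer sizeof(buf) - 1 so the bound follows buf's declaration, which is not visible here. count is also declared int while readlink() returns ssize_t; declaring it ssize_t avoids the narrowing, and the success path should terminate the result with buf[count] = '\0'.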
Attachment #706768 - Flags: review?(bsmith) → review+
Reminder to self that I need to check in the coreconf fix once the NSS tree re-opens.
Flags: needinfo?(bsmith)
Assignee: nobody → rustyBSD
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla28
Attached patch bug-835029.patch
I split the NSS part off into bug 938486. Will check this in when mozilla-inbound opens.
Attachment #706768 - Attachment is obsolete: true
Actually, checkin-needed is magic now, so trying that.
Keywords: checkin-needed
Version: 18 Branch → Trunk
clearing needinfo
Flags: needinfo?(brian)
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Flags: in-testsuite?
Resolution: --- → FIXED