rt: fix shm_open not set ENAMETOOLONG when name exceeds {_POSIX_PATH_MAX}
Checks
Context |
Check |
Description |
dj/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
dj/TryBot-32bit |
success
|
Build for i686
|
Commit Message
according to man-pages-posix-2017, shm_open() function may fail if the length
of the name argument exceeds {_POSIX_PATH_MAX} and set ENAMETOOLONG
Signed-off-by: abushwang <abushwangs@gmail.com>
---
posix/shm-directory.c | 5 +++--
rt/shm_open.c | 5 +++--
2 files changed, 6 insertions(+), 4 deletions(-)
Comments
On Tue, 2023-03-07 at 17:45 +0800, abushwang via Libc-alpha wrote:
> according to man-pages-posix-2017, shm_open() function may fail if the length
> of the name argument exceeds {_POSIX_PATH_MAX} and set ENAMETOOLONG
>
> Signed-off-by: abushwang <abushwangs@gmail.com>
Please use [PATCH v2] or v3, v4, ... into the title when you update the patch.
/* snip */
> int
> __shm_get_name (struct shmdir_name *result, const char *name, bool sem_prefix)
> @@ -54,9 +55,9 @@ __shm_get_name (struct shmdir_name *result, const char *name, bool sem_prefix)
> if (sem_prefix)
> alloc_buffer_copy_bytes (&buffer, "sem.", strlen ("sem."));
> alloc_buffer_copy_bytes (&buffer, name, namelen + 1);
> - if (namelen == 0 || memchr (name, '/', namelen) != NULL
> + if (namelen == 0 || namelen > NAME_MAX || memchr (name, '/', namelen) != NULL
You can't just reject any namelen > NAMEMAX because a "may" clause in
the specification. You may only do that if the allocation fails.
What you are doing is like: the specification of a capacitor says it may
(not "must" or "shall"!) blow up if the temperature is > 90C, then you
add a bomb into the capacitor which blows up when the temperature
reaches 90C. It's definitely wrong.
I was not telling you to make the code more compact.
@@ -25,6 +25,7 @@
#include <string.h>
#include <sys/mman.h>
#include <fcntl.h>
+#include <errno.h>
int
__shm_get_name (struct shmdir_name *result, const char *name, bool sem_prefix)
@@ -54,9 +55,9 @@ __shm_get_name (struct shmdir_name *result, const char *name, bool sem_prefix)
if (sem_prefix)
alloc_buffer_copy_bytes (&buffer, "sem.", strlen ("sem."));
alloc_buffer_copy_bytes (&buffer, name, namelen + 1);
- if (namelen == 0 || memchr (name, '/', namelen) != NULL
+ if (namelen == 0 || namelen > NAME_MAX || memchr (name, '/', namelen) != NULL
|| alloc_buffer_has_failed (&buffer))
- return -1;
+ return namelen ? ENAMETOOLONG : EINVAL;
return 0;
}
libc_hidden_def (__shm_get_name)
@@ -30,9 +30,10 @@ int
__shm_open (const char *name, int oflag, mode_t mode)
{
struct shmdir_name dirname;
- if (__shm_get_name (&dirname, name, false) != 0)
+ int ret =__shm_get_name (&dirname, name, false);
+ if (ret != 0)
{
- __set_errno (EINVAL);
+ __set_errno (ret);
return -1;
}