From: Jim Meyering <jim@meyering.net>
To: 11374@debbugs.gnu.org
Subject: bug#11374: corrected patch: now, actually compiles
Date: Sun, 29 Apr 2012 08:51:38 +0200 [thread overview]
Message-ID: <87397nm3np.fsf@rho.meyering.net> (raw)
In-Reply-To: <87k40zms7p.fsf@rho.meyering.net>
The first version lacked a definition of min and misspelled memmove.
From 3b96ff1a4f8825d3942c56c79069ca5ffea7d4f6 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Sat, 28 Apr 2012 22:43:55 +0200
Subject: [PATCH 2/5] emacsclient: avoid invalid strcpy upon partial send and
buffer overrun
...upon failed send.
* lib-src/emacsclient.c (min): Define.
(send_to_emacs): Simplify and fix two bugs:
- before, we could call strcpy with overlapping buffers upon partial
send, but strcpy cannot handle overlapping buffers. Use memmove.
- before, we would call strcpy(send_buffer, &send_buffer[-1]) upon
failed "send", resulting in an invalid read and a buffer overrun
when that first byte is not 0. Diagnose the failure.
Also, call strlen just once, rather than for each iteration.
---
lib-src/emacsclient.c | 38 ++++++++++++++++++++------------------
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/lib-src/emacsclient.c b/lib-src/emacsclient.c
index 48b4384..0ca13fa 100644
--- a/lib-src/emacsclient.c
+++ b/lib-src/emacsclient.c
@@ -119,6 +119,8 @@ char *(getcwd) (char *, size_t);
# define IF_LINT(Code) /* empty */
#endif
+#define min(x, y) (((x) < (y)) ? (x) : (y))
+
\f
/* Name used to invoke this program. */
const char *progname;
@@ -783,33 +785,33 @@ sock_err_message (const char *function_name)
static void
send_to_emacs (HSOCKET s, const char *data)
{
- while (data)
+ if (!data)
+ return;
+
+ size_t dlen = strlen (data);
+ while (*data)
{
- size_t dlen = strlen (data);
- if (dlen + sblen >= SEND_BUFFER_SIZE)
- {
- int part = SEND_BUFFER_SIZE - sblen;
- strncpy (&send_buffer[sblen], data, part);
- data += part;
- sblen = SEND_BUFFER_SIZE;
- }
- else if (dlen)
- {
- strcpy (&send_buffer[sblen], data);
- data = NULL;
- sblen += dlen;
- }
- else
- break;
+ size_t part = min (dlen, SEND_BUFFER_SIZE - sblen);
+ memcpy (&send_buffer[sblen], data, part);
+ data += part;
+ sblen += part;
if (sblen == SEND_BUFFER_SIZE
|| (sblen > 0 && send_buffer[sblen-1] == '\n'))
{
int sent = send (s, send_buffer, sblen, 0);
+ if (sent < 0)
+ {
+ message (TRUE, "%s: failed to send %d bytes to socket: %s\n",
+ progname, sblen, strerror (errno));
+ fail ();
+ }
if (sent != sblen)
- strcpy (send_buffer, &send_buffer[sent]);
+ memmove (send_buffer, &send_buffer[sent], sblen - sent);
sblen -= sent;
}
+
+ dlen -= part;
}
}
--
1.7.10.382.g62bc8
next prev parent reply other threads:[~2012-04-29 6:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-28 22:01 bug#11374: emacsclient: avoid invalid strcpy upon partial send and buffer overrun upon failed send Jim Meyering
2012-04-29 6:51 ` Jim Meyering [this message]
2012-05-02 10:41 ` bug#11374: corrected patch: now, actually compiles Chong Yidong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87397nm3np.fsf@rho.meyering.net \
--to=jim@meyering.net \
--cc=11374@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.