From: Alex Kost
Subject: Re: Syslog bug
Date: Wed, 01 Apr 2015 23:34:56 +0300
Message-ID: <87384joadr.fsf@gmail.com>
To: Ludovic Courtès
Cc: guix-devel@gnu.org

Ludovic Courtès (2015-04-01 22:51 +0300) wrote:

> Alex Kost wrote:
>
>> Wow, I admire how deep you dig!  Your patch does some funny thing, it
>> "moves" corruption to another place.  Here is the output:
>>
>> # ./syslogd --debug --rcfile /tmp/syslog-with-leading-spaces.conf
>> init
>> cfline(*.alert;auth.notice;authpriv.none /dev/console
>> sole)
>
> Oops, indeed, I had it too but hadn’t noticed. :-)
>
> This is because the bcopy call didn’t copy the trailing zero, which is
> fixed by adding “+ 1”:
>
>
> diff --git a/src/syslogd.c b/src/syslogd.c > index 7af10f3..aaf02a4 100644 > --- a/src/syslogd.c > +++ b/src/syslogd.c
> @@ -1971,7 +1971,7 @@ load_conffile (const char *filename, struct filed *= *nextp) > if (*p =3D=3D '\0' || *p =3D=3D '#') > continue; >=20=20 > - strcpy (cline, p); > + bcopy (p, cline, strlen (p) + 1); >=20=20 > /* Cut the trailing spaces. */ > for (p =3D strchr (cline, '\0'); isspace (*--p);)

OK, btw the manual (info "(libc) Copying and Concatenation") says
'bcopy' «is a partially obsolete alternative for 'memmove'».

>> --- a/src/syslogd.c >> +++ b/src/syslogd.c >> @@ -1971,7 +1971,7 @@ load_conffile (const char *filename, struct filed = **nextp) >> if (*p =3D=3D '\0' || *p =3D=3D '#') >> continue; >>=20=20 >> - strcpy (cline, p); >> + strncpy (cline, p, strlen (cline));
>
> I guess this worked by chance: it does not copy the trailing zero, and
> it doesn’t address the overlapping-memory-regions issue.

By chance?  I thought it's reliable as it would fill the redundant part
of 'cline' (the rest part after copying 'p') with null characters.

>> A side note: compilation of inetutils failed for me complaining about
>> missing "help2man".  It finished successfully after I had added
>> "help2man" to native-inputs.
>
> That’s because the patch modifies the source of an executable for which
> a man page is generated.

Ah, thanks for the explanation.

> Thanks for your feedback!  I’ll report the issue upstream.

Great, thank you!

-- 
Alex
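
Review bot: On the added `bcopy (p, cline, strlen (p) + 1);` line in the first hunk, `bcopy` is a legacy call that takes the source argument first, so `memmove (cline, p, strlen (p) + 1);` would be the clearer spelling of the same overlap-safe copy and is less likely to have its arguments swapped by a later editor. A short comment above the call stating that the source and destination regions overlap here, which is why `strcpy` was removed, would keep the line from being changed back as a cleanup.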
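
Review bot: On the added `strncpy (cline, p, strlen (cline));` line in the second (`>>`-quoted) hunk, the bound is the current string length of the destination rather than the length of `p` or the size of the buffer, and `strncpy` has undefined behaviour for overlapping source and destination just as `strcpy` does, so the overlap mentioned in the reply is still there. Suggest `memmove (cline, p, strlen (p) + 1);`, which copies the terminating zero explicitly and is defined for overlapping regions.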
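
The missing-terminator effect discussed in this message, as an added example (not code from inetutils or from either poster): `strip_leading` and the input line are hypothetical and constructed. Shifting a line left in place without moving its terminating zero leaves a stale tail like the `sole` in the quoted debug output.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from inetutils): move the text that follows the
   leading whitespace to the front of LINE, in place.  Source and
   destination overlap, so memmove is used.  COPY_NUL = 1 moves the
   terminating zero as well; COPY_NUL = 0 reproduces the "missing + 1"
   defect.  Returns the number of leading bytes skipped.  */
static size_t
strip_leading (char *line, int copy_nul)
{
  char *p = line;

  while (isspace ((unsigned char) *p))
    p++;
  memmove (line, p, strlen (p) + (copy_nul ? 1 : 0));
  return (size_t) (p - line);
}

int
main (void)
{
  /* Constructed input: five leading spaces, one rule, trailing newline.  */
  char good[] = "     *.alert /dev/console\n";
  char bad[] = "     *.alert /dev/console\n";

  strip_leading (good, 1);
  strip_leading (bad, 0);
  printf ("with NUL:    [%s]\n", good);
  printf ("without NUL: [%s]\n", bad);  /* old tail survives after the text */
  return 0;
}
```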