Re: git: fc915f1be145 - main - pseudofs: Fix a potential out-of-bounds access in pfs_lookup()

In reply to: Mark Johnston : "Re: git: fc915f1be145 - main - pseudofs: Fix a potential out-of-bounds access in pfs_lookup()"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Enji Cooper <yaneurabeya_at_gmail.com>
Date: Fri, 23 Jun 2023 18:49:42 UTC

> On Jun 23, 2023, at 8:56 AM, Mark Johnston <markj@FreeBSD.org> wrote:

…

>> Naive question: should this be an && conditional or an || conditional?
> 
> It should be &&.  Using || here would reintroduce the original bug.
> If strncmp(pname, pn->pn_name, namelen) == 0, then
> strlen(pn->pn_name) >= namelen, and pn->pn_name is nul-terminated, so it
> is safe to check pn->pn_name[namelen] == '\0'.
> 
>> If the former, could this be simplified by using a direct NUL char equality check instead of using strncmp?
> 
> I'm not sure what you mean by this.  This code is simply checking
> whether pname and pn->pn_name are the same string, without assuming that
> pname is nul-terminated.

	I completely misread the conditional when I sent out my email. After you pointed out the obvious part dealing with namelen, it doesn’t make sense for the conditionals to exist by themselves.
Thanks for the explanation :)!
-Enji