[Buildroot] [PATCH 01/12] toolchain-external: instrument wrapper to warn about unsafe paths
Yann E. MORIN
yann.morin.1998 at free.fr
Wed Sep 10 20:23:17 UTC 2014
Thomas, All,
On 2014-09-10 22:18 +0200, Thomas Petazzoni spake thusly:
[--SNIP--]
> > > + /* We handle two cases: first the case where -I/-L and
> > > + * the path are separated by one space and therefore
> > > + * visible as two separate options, and then the case
> > > + * where they are stuck together forming one single
> > > + * option.
> > > + */
> > > + if (strlen(argv[i]) == 2) {
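Review bot: at `if (strlen(argv[i]) == 2)`, the separated case takes its path from the following argument, and the quoted lines show no check that one exists. Before reading argv[i + 1], confirm that i + 1 < argc (argv[argc] is NULL), so that a trailing bare -I or -L is not dereferenced as a path. The comment describes the two option forms but not what makes a path unsafe; one line stating that would help the next reader.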
> >
> > argv[*] are passed by the user, so better not trust them. What about:
> >
> > if (argv[i][2]!='\0') {
> > ...;
> > }
>
> This makes an assumption on the length of argv[i], which is even worse,
> IMO. I don't see why strlen(argv[i]) would be unsafe, actually.
Well, you know it is at least 3-char long, because it is at least either
"-I" or "-L" so argv[i][2] is valid.
And it can be an overly-long string passed by the user, so let's be
prepared for the worst.
And it is much faster than calling strlen, which is a costly function.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
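The two option forms discussed in this thread, as an added example that is not code from the patch or from either poster: it matches the option one byte at a time, so argv[i][2] is read only after argv[i][0] and argv[i][1] are known to be non-NUL, and it checks argc before taking the next argument as the path. The function names and the list of "unsafe" prefixes are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumption for this example: host directories count as "unsafe". */
static const char *const unsafe_prefixes[] = { "/usr/include", "/usr/lib" };

static int path_is_unsafe(const char *path)
{
    size_t n;
    for (n = 0; n < sizeof(unsafe_prefixes) / sizeof(unsafe_prefixes[0]); n++)
        if (strncmp(path, unsafe_prefixes[n], strlen(unsafe_prefixes[n])) == 0)
            return 1;
    return 0;
}

/* Count -I/-L options whose path is unsafe; warn on stderr for each. */
int count_unsafe_paths(int argc, char **argv)
{
    int i, hits = 0;
    for (i = 1; i < argc; i++) {
        const char *arg = argv[i], *path;
        /* || short-circuits, so arg[1] is read only after arg[0] == '-',
         * and arg[2] below only after arg[1] is 'I' or 'L' (non-NUL). */
        if (arg[0] != '-' || (arg[1] != 'I' && arg[1] != 'L'))
            continue;
        if (arg[2] == '\0') {
            /* Separated form ("-I", "path"): path is the next argument. */
            if (i + 1 >= argc)
                break;          /* dangling -I/-L: argv[i + 1] is NULL */
            path = argv[++i];
        } else {
            /* Joined form ("-Ipath"): path starts after the two chars. */
            path = arg + 2;
        }
        if (path_is_unsafe(path)) {
            fprintf(stderr, "warning: unsafe path '%s' (%.2s)\n", path, arg);
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    /* Constructed command line, not taken from the thread. */
    char *args[] = { "gcc", "-I", "/usr/include", "-L/usr/lib",
                     "-I/opt/sdk/include", "-L", NULL };
    return count_unsafe_paths(6, args) == 2 ? 0 : 1;
}
```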