[Buildroot] [PATCH 01/12] toolchain-external: instrument wrapper to warn about unsafe paths

Yann E. MORIN yann.morin.1998 at free.fr
Wed Sep 10 20:23:17 UTC 2014


Thomas, All,

On 2014-09-10 22:18 +0200, Thomas Petazzoni spake thusly:
[--SNIP--]
> > > +		/* We handle two cases: first the case where -I/-L and
> > > +		 * the path are separated by one space and therefore
> > > +		 * visible as two separate options, and then the case
> > > +		 * where they are stuck together forming one single
> > > +		 * option.
> > > +		 */
> > > +		if (strlen(argv[i]) == 2) {
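Review bot: the `strlen(argv[i]) == 2` branch is the "separated by one space" case from the comment, so the path is in the next argument, and the code that follows should check `i + 1 < argc` before reading `argv[i + 1]`. A trailing bare `-I` or `-L` would otherwise pass the NULL at `argv[argc]` to the path check. The length test also only identifies that case if `argv[i]` has already been matched against `-I`/`-L` before this line, which the quoted context does not show; stating that precondition in the comment would help.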
> > 
> > argv[*] are passed by the user, so better not trust them. What about:
> > 
> >     if (argv[i][2]!='\0') {
> >         ...;
> >     }
> 
> This makes an assumption on the length of argv[i], which is even worse,
> IMO. I don't see why strlen(argv[i]) would be unsafe, actually.

Well, you know it is at least 3-char long, because it is at least either
"-I" or "-L" so argv[i][2] is valid.

And it can be an overly-long string passed by the user, so let's be
prepared for the worst.

And it is much faster than calling strlen, which is a costly function.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
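As an added illustration of the two cases discussed in this thread (not code from the patch or from Buildroot): a C helper that fetches the path of a -I/-L option in both the separated and the stuck-together form, without strlen and without reading past the end of a string or of argv. The names search_path_arg, count_search_paths and sample_argv are hypothetical.

```c
#include <stdio.h>

/* Constructed sample command line (argc = 6, NULL-terminated like argv). */
static char *sample_argv[] = {
	"cc", "-I", "/opt/inc", "-L/opt/lib", "-O2", "-L", NULL
};

/* Hypothetical helper: if argv[i] is a -I or -L option, return its path
 * and set *used to the number of argv slots consumed (1 for "-I/path",
 * 2 for "-I /path"). Return NULL, with *used = 1, otherwise. */
static const char *search_path_arg(int argc, char **argv, int i, int *used)
{
	const char *a = argv[i];

	*used = 1;
	/* Short-circuit evaluation: a[1] is read only when a[0] is '-', and
	 * a[2] below only once a[1] is 'I' or 'L', so no read goes past the
	 * terminating NUL, however short or long the string is. */
	if (a[0] != '-' || (a[1] != 'I' && a[1] != 'L'))
		return NULL;

	if (a[2] != '\0')		/* stuck together: "-I/path" */
		return a + 2;

	/* Separated form: the path is the next argument, if there is one. */
	if (i + 1 >= argc)
		return NULL;		/* trailing bare "-I" or "-L" */
	*used = 2;
	return argv[i + 1];
}

/* Walk a command line, print each -I/-L path and return how many were found. */
static int count_search_paths(int argc, char **argv)
{
	int i, used, n = 0;

	for (i = 1; i < argc; i += used) {
		const char *p = search_path_arg(argc, argv, i, &used);
		if (p) {
			printf("search path: %s\n", p);
			n++;
		}
	}
	return n;
}

int main(void)
{
	return count_search_paths(6, sample_argv) == 2 ? 0 : 1;
}
```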

