[PATCH] safe_gethostname

Tito farmatito at tiscali.it
Mon Feb 25 20:53:21 UTC 2008


On Monday 25 February 2008 21:40:10 Denys Vlasenko wrote:
> On Monday 25 February 2008 21:02, Tito wrote:
> > > Why 256?
> > 
> > Leftover of my first attempt with a static buffer....should be 255 in this case.
> 
> I mean, why not sizeof()? I think sizeof never lies.
> > > 
> > > If fields are indeed terminated by NUL, just xstrdup(uts.nodename)
> > > will work.
> > > 
> > > Otherwise (if you fear that they may not be),
> > > xstrndup(uts.nodename, sizeof(uts.nodename));
> > 
> > Fields are indeed nul terminated but lenght is unspecified
> > so to follow RFC with xstrndup we ensure a maximum
> > size of 255 in the case of a longer hostname:
> 
> Lenght is unspecified _in standards_ but it sure
> is correctly specified _in header files_:
> 
> sys/utsname.h
> 
> struct utsname
>   {
>     char sysname[_UTSNAME_SYSNAME_LENGTH];
>     char nodename[_UTSNAME_NODENAME_LENGTH];
>     char release[_UTSNAME_RELEASE_LENGTH];
>     char version[_UTSNAME_VERSION_LENGTH];
>     char machine[_UTSNAME_MACHINE_LENGTH];
>     ....
> 
> If header is wrong about size of nodename[], all fields
> past it will be busted, C program cannot access them correctly.
> This would be a libc bug.
> 
> Assuming that libc is not buggy, you can always safely use
> sizeof(nodename), irrespective what standards say.
> 
> To be more exact:
> 
> return xstrndup(uts.nodename, sizeof(uts.nodename));
> 
> is a most straightforward way to return nodename,
> NUL terminated, even if you are not sure that uts.nodename
> is NUL terminated, and do not know how big is it.
> You just use what compiler + libc know.
> 
> 
> > "Host software MUST handle host names of up to 63 characters and
> >  SHOULD handle host names of up to 255 characters."
> 
> I prefer "we do not code around libc bugs, we fix libc if it is buggy".
> 
> 
> > next version of the patch attached.Now it looks like this:
> > 
> > char *safe_gethostname(void)
> > {
> > 	struct utsname uts;
> > 
> > 	/* The length of the arrays in a struct utsname is unspecified;
> > 	 * the fields are terminated by a null byte.
> > 	 * Note that there is no standard that says  that  the  hostname
> > 	 * set  by  sethostname(2) is the same string as the nodename field of the
> > 	 * struct returned by uname (indeed, some systems allow a  256-byte  host-
> > 	 * name and an 8-byte nodename), but this is true on Linux. The same holds
> > 	 * for setdomainname(2) and the domainname field.
> > 	 */
> > 	
> > 	/* Uname can fail only if you pass a bad pointer to it. */
> > 	uname(&uts);
> > 
> > 	return xstrndup(!*(uts.nodename) ? "?" : uts.nodename, 255);
> > }
> --
> vda
> 

I see....how could I've been so blind!
So sizeof(ut.nodename).
Attached version 04.

Thanks for your time and patience!
Ciao,
Tito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: safe_gethostname04.patch
Type: text/x-diff
Size: 7700 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20080225/e163c77a/attachment-0002.bin 


More information about the busybox mailing list