author | bors[bot] <26634292+bors[bot]@users.noreply.github.com> | 2022-03-24 03:12:46 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-24 03:12:46 +0000 |
commit | 4ccc6c6e69fea5005cf6f8c50597e9296dd8dc92 (patch) | |
tree | de8b0b7422f15b255b9e79d12b831c4178f5f300 /test/sys | |
parent | d2bc189f5d45cc7e8e98b9510e527a5ce7307aa4 (diff) | |
parent | 4ae4cfd0588fbe93e1cc6501bcb98893ebdf26f3 (diff) | |
Merge #1672
1672: Make `uname` always safe r=asomers a=koute
Currently `uname` doesn't check for errors and just blindly assumes that it always succeeds. According to the manpage this function can fail, even though no actual errors are defined:
```
RETURN VALUE
Upon successful completion, a non-negative value shall be returned. Otherwise, -1 shall be returned and errno set to indicate the error.
ERRORS
No errors are defined.
The following sections are informative.
```
Looking at [glibc's sources](https://github.com/bminor/glibc/blob/b92a49359f33a461db080a33940d73f47c756126/posix/uname.c#L29) we can see that it indeed could fail if the internal `gethostname` call fails for some reason.
This code also assumes that every field of `utsname` is going to be initialized by the call to `uname`, which apparently is also not true. Even though the interface doesn't expose this field so it's not a problem in practice (although it might be UB since we do call `assume_init` on the whole struct) [the `utsname` does have a `domainname` field](https://docs.rs/libc/0.2.119/libc/struct.utsname.html) which glibc doesn't initialize.
The code also assumes that every field is a valid UTF-8 string, which is also technically not guaranteed.
The code also assumes that every field will be null terminated, which might not be true if any of the strings are too long (since glibc uses `strncpy` which will *not* null-terminate the string if it ends up running out of space).
This PR should fix all of these problems.
This is a breaking change.
Co-authored-by: Jan Bujak <jan@parity.io>
Diffstat (limited to 'test/sys')
0 files changed, 0 insertions, 0 deletions
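
The checks the commit message describes, as an added example (not the nix crate's code and not this PR's diff): the return value is checked, the buffer is zeroed before the call, and each field is read up to the first NUL or the end of its array without assuming UTF-8. `RawUtsName`, `field` and `checked_uname` are hypothetical names, and the struct layout is assumed to be the Linux one.

```rust
use std::ffi::OsStr;
use std::io;
use std::mem::MaybeUninit;
use std::os::raw::{c_char, c_int};
use std::os::unix::ffi::OsStrExt;

// Assumed layout: Linux's six 65-byte fields. Other platforms differ.
#[repr(C)]
pub struct RawUtsName {
    pub sysname: [c_char; 65],
    pub nodename: [c_char; 65],
    pub release: [c_char; 65],
    pub version: [c_char; 65],
    pub machine: [c_char; 65],
    pub domainname: [c_char; 65],
}

extern "C" {
    fn uname(buf: *mut RawUtsName) -> c_int;
}

/// Bytes up to the first NUL or the end of the array; no UTF-8 assumed.
pub fn field(buf: &[c_char]) -> &OsStr {
    // SAFETY: c_char is i8 or u8, both one byte wide with no invalid values.
    let bytes = unsafe { std::slice::from_raw_parts(buf.as_ptr().cast::<u8>(), buf.len()) };
    let end = bytes.iter().position(|&b| b == 0).unwrap_or(bytes.len());
    OsStr::from_bytes(&bytes[..end])
}

/// Calls uname(2) and surfaces a -1 return as an error.
pub fn checked_uname() -> io::Result<RawUtsName> {
    if !cfg!(target_os = "linux") {
        return Err(io::Error::new(io::ErrorKind::Unsupported, "layout assumed for Linux"));
    }
    // Zeroed, so a field libc leaves untouched is still initialized memory.
    let mut raw = MaybeUninit::<RawUtsName>::zeroed();
    // SAFETY: the pointer is valid for writes of one RawUtsName.
    if unsafe { uname(raw.as_mut_ptr()) } == -1 {
        return Err(io::Error::last_os_error());
    }
    // SAFETY: every byte was initialized (to zero) before the call.
    Ok(unsafe { raw.assume_init() })
}

fn main() {
    match checked_uname() {
        Ok(u) => println!("{:?} {:?}", field(&u.sysname), field(&u.release)),
        Err(e) => eprintln!("uname failed: {}", e),
    }
}
```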