Hi,

On Thu, Dec 31, 2009 at 04:12:21AM +0100, olafbuddenha...@gmx.net wrote:
> On Wed, Dec 30, 2009 at 07:42:21PM +0000, Carl Fredrik Hammar wrote:
>
> > Strings in RPCs, such as the filename argument to a dir_lookup, are
> > not checked if they are terminated by '\0'. This could lead to the
> > server segfaulting if it tries to read the string.
> >
> > Making MIG check that strings are terminated seems like the proper
> > fix.
>
> AIUI, the first step would be implementing actual string support in MiG
> at all...
MIG seems to already have some awareness of strings; at least the client
part uses a variant of strncpy() to copy the string into the message.
So it should be possible to generate code specifically for strings in
the server part as well.

> While this should probably be considered a todo item, in the present
> situation, if a server doesn't protect against non-terminated strings,
> it's a bug *in this server*. If you see any actual instances of this,
> could you report them?...

It is hard to be certain that a translator isn't vulnerable unless it
has an explicit check, which I expect no translator currently has. For
instance, extfs returns ENAMETOOLONG because I tested with a single
component path, but it might be possible to get it to read past the end
using many components, e.g. `././././....', though I suspect this will
return ELOOP.

Fixing MIG seems much easier and safer.

Regards,
  Fredrik
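The server-side check the thread is asking for, shown as an added example rather than code from the thread, from MiG, or from any Hurd translator: before a string argument taken from an RPC message is handed to string functions, confirm that a terminating '\0' occurs inside the bounds of the received buffer. The function names, the use of EINVAL for the rejection, and the sample buffers are assumptions made here for illustration.

```c
/* Added example (not from the thread or the Hurd/MiG sources): bounded
 * check that an RPC string argument is NUL-terminated before use.  The
 * function names, the EINVAL rejection code and the sample buffers are
 * assumptions for illustration. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of the string at `buf` if a terminating '\0' occurs within the
 * `buflen` bytes actually received, otherwise -1.  memchr() stops at buflen,
 * whereas strlen() on an unterminated argument would read past the end of
 * the message buffer, which is the segfault described in the thread. */
long checked_strlen(const char *buf, size_t buflen)
{
    const char *nul = memchr(buf, '\0', buflen);
    if (nul == NULL)
        return -1;
    return (long)(nul - buf);
}

/* Hypothetical validation step for a dir_lookup-style handler: `name` and
 * `namelen` are the string argument and its length as received in the RPC.
 * Returns 0 and copies the name into `out` on success, or an errno value
 * if the string is unterminated or too long for the caller's buffer. */
int validate_lookup_name(const char *name, size_t namelen,
                         char *out, size_t outlen)
{
    long len = checked_strlen(name, namelen);
    if (len < 0)
        return EINVAL;          /* unterminated: reject rather than read on */
    if ((size_t)len >= outlen)
        return ENAMETOOLONG;    /* terminated, but does not fit the caller's buffer */
    memcpy(out, name, (size_t)len + 1);
    return 0;
}

int main(void)
{
    char out[16];
    /* Constructed sample arguments: one terminated, one deliberately not. */
    char good[8] = "foo";                         /* remaining bytes are '\0' */
    char bad[4]  = {'a', 'b', 'c', 'd'};          /* no terminator in 4 bytes */

    printf("good: rc=%d name=%s\n",
           validate_lookup_name(good, sizeof good, out, sizeof out), out);
    printf("bad:  rc=%d (EINVAL=%d)\n",
           validate_lookup_name(bad, sizeof bad, out, sizeof out), EINVAL);
    return 0;
}
```

The check has to use the length the message actually carried, not a length computed from the string itself; that is the difference between this and the strncpy() the client side already uses, which only protects the sender's copy, not the receiver's read.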