Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure VERSION is NUL-terminated #213

Merged
merged 1 commit into from
Dec 2, 2020

Conversation

suve
Copy link
Contributor

@suve suve commented Nov 30, 2020

The VERSION variable is referenced in two places inside dumb-init.c: in the print_help() function, and in parse_command(), when the --version option is passed:

void print_help(char *argv[]) {
    fprintf(stderr,
        "dumb-init v%s"
        "Usage: %s [option] command [[arg] ...]\n"
// (snip)
        "Full help is available online at https://github.com/Yelp/dumb-init\n",
        VERSION,
        argv[0]
    );
}

// inside parse_command()
    case 'V':
        fprintf(stderr, "dumb-init v%s", VERSION);
        exit(0);

In both of these cases, VERSION is used as an argument to fprintf(), to be formatted with %s. The man page for fprintf(3) says this about the %s conversion specifier:

The const char * argument is expected to be a pointer to an array of character type (pointer to a string). Characters from the array are written up to (but not including) a terminating null byte ('\0');

However, the way VERSION is currently generated, it does NOT contain the terminating null byte.

unsigned char VERSION[] = {
  0x31, 0x2e, 0x32, 0x2e, 0x32, 0x0a
};

This patch changes the way VERSION.h is generated, to ensure that VERSION is a NUL-terminated string.

@asottile
Copy link
Contributor

asottile commented Nov 30, 2020

a less intrusive patch would be to use VERSION_len:

        fprintf(stderr, "dumb-init v%.*s", VERSION_len, VERSION);

@suve
Copy link
Contributor Author

suve commented Dec 1, 2020

It's an interesting idea, though it has one drawback - if someone needs to add a new piece of code that uses VERSION, they'll have to remember that it's not NUL-terminated and requires special handling.

As a third option, how about keeping VERSION as unsigned char[], with an additional 0-byte?

@asottile
Copy link
Contributor

asottile commented Dec 1, 2020

I would prefer the one line patch as I indicated, this tool has had very little maintenance and I doubt that a new use for VERSION will come up

The "%s" conversion specifier expects a NUL-terminated string.
However, the VERSION variable does not contain a NUL-terminator,
so formatting it using "%s" may lead to printing whatever happens
to be in memory next to VERSION.

Using "%*s" allows to specify how many characters to print,
thus making sure we don't go off the array.
@suve suve force-pushed the ensure-VERSION-is-NUL-terminated branch from 040188d to 7bb2fef Compare December 1, 2020 19:05
@suve
Copy link
Contributor Author

suve commented Dec 1, 2020

Sure. Rewrote the patch and force-pushed the branch.

Copy link
Contributor

@asottile asottile left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chriskuehl chriskuehl merged commit 6a0fcbc into Yelp:master Dec 2, 2020
@chriskuehl
Copy link
Contributor

Thanks for the fix!

I think I won't release a new version just for this fix since as far as I understand this isn't causing issues in practice (due to automatic null byte padding around the constant?) but let me know if I'm misunderstanding the impact.

@suve
Copy link
Contributor Author

suve commented Dec 2, 2020

Well, the only reason I spotted and patched this is because it did, in fact, cause issues in practice. ;)

In the Fedora Linux distribution, we had issues with building the dumb-init package. It turned out that on the s390x architecture, while the program built fine, the test suite failed - on this particular arch, the VERSION variable was not immediately followed by a null byte, which in turn caused the "is help message ok?" test to fail. (rhbz1863456)

@chriskuehl
Copy link
Contributor

Thanks for letting me know, I've released a v1.2.3 which contains this fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants