[klibc] PATCH: Bug in function bootp_parse in file bootp_proto.c

Sat Oct 11 03:03:08 PDT 2008

Στις 09-10-2008, ημέρα Πεμ, και ώρα 19:37 +0300, ο/η Άλκης Γεωργόπουλος έγραψε:
> I propose to fix it by introducing a 
>   void *memcpy_null_terminate(dest, src, dest_len, src_len);
> function.

I've implemented this and I'm sending the git diff as an attachment.
It's a diff from my previous patch, not from the klibc current git head.

Peter, could you please have a look at the last 2 patches for possible
inclusion before I start with the next (big one) patch?

Because, being a git newbie, if you tell me later to revert to a
previous point and reapply a patch, I don't think I'll be easy for me to
do it! :)
And this particular bug *could* be responsible for some of the lost
packets, so debugging will be easier without it.

Kind regards,
Alkis Georgopoulos
-------------- next part --------------
commit 2f3a74f94edda260ba5b069458efad5943d1e828
Author: Άλκης Γεωργόπουλος <alkisg at gmail.com>
Date:   Sat Oct 11 12:38:29 2008 +0300

    Signed-off-by: Alkis Georgopoulos <alkisg at gmail.com>
    
    Fixed an error in dhcp option parsing

diff --git a/usr/kinit/ipconfig/bootp_proto.c b/usr/kinit/ipconfig/bootp_proto.c
index b138e0f..01cff1b 100644
--- a/usr/kinit/ipconfig/bootp_proto.c
+++ b/usr/kinit/ipconfig/bootp_proto.c
@@ -29,6 +29,25 @@ static uint8_t bootp_options[312] = {
 };
 
 /*
+ * Copy min(dest_n, src_n) bytes from src to dest and return dest.
+ * Ensure that dest is null terminated.
+ */
+static void *memncpy(void *dest, const void *src, size_t dest_n, size_t src_n)
+{
+	size_t min = dest_n < src_n ? dest_n : src_n;
+	
+	memcpy(dest, src, min);
+	if (dest_n > 0 && src_n > 0) {
+		if (min < dest_n)
+			((char *)dest)[min - 1] = '\0';
+		else
+			((char *)dest)[dest_n - 1] = '\0';
+	}
+	
+	return dest;
+}
+
+/*
  * Send a plain bootp request packet with options
  */
 int bootp_send_request(struct netdev *dev)
@@ -110,22 +129,13 @@ int bootp_parse(struct netdev *dev, struct bootp_hdr *hdr,
 					       len >= 8 ? 8 : 4);
 				break;
 			case 12:	/* host name */
-				if (len > sizeof(dev->hostname) - 1)
-					len = sizeof(dev->hostname) - 1;
-				memcpy(&dev->hostname, ext, len);
-				dev->hostname[len] = '\0';
+				memncpy(&dev->hostname, ext, sizeof(dev->hostname), len);
 				break;
 			case 15:	/* domain name */
-				if (len > sizeof(dev->dnsdomainname) - 1)
-					len = sizeof(dev->dnsdomainname) - 1;
-				memcpy(&dev->dnsdomainname, ext, len);
-				dev->dnsdomainname[len] = '\0';
+				memncpy(&dev->dnsdomainname, ext, sizeof(dev->dnsdomainname), len);
 				break;
 			case 17:	/* root path */
-				if (len > sizeof(dev->bootpath) - 1)
-					len = sizeof(dev->bootpath) - 1;
-				memcpy(&dev->bootpath, ext, len);
-				dev->bootpath[len] = '\0';
+				memncpy(&dev->bootpath, ext, sizeof(dev->bootpath), len);
 				break;
 			case 26:	/* interface MTU */
 				if (len == 2)
@@ -136,10 +146,7 @@ int bootp_parse(struct netdev *dev, struct bootp_hdr *hdr,
 					memcpy(&dev->ip_broadcast, ext, 4);
 				break;
 			case 40:	/* NIS domain name */
-				if (len > sizeof(dev->nisdomainname) - 1)
-					len = sizeof(dev->nisdomainname) - 1;
-				memcpy(&dev->nisdomainname, ext, len);
-				dev->nisdomainname[len] = '\0';
+				memncpy(&dev->nisdomainname, ext, sizeof(dev->nisdomainname), len);
 				break;
 			case 53:	/* DHCP message type */
 				type = *ext;
@@ -149,10 +156,7 @@ int bootp_parse(struct netdev *dev, struct bootp_hdr *hdr,
 					memcpy(&dev->ip_server, ext, 4);
 				break;
 			case 67:	/* bootfile name, when option overload is set */
-				if (len > sizeof(dev->filename) - 1)
-					len = sizeof(dev->filename) - 1;
-				memcpy(&dev->filename, ext, len);
-				dev->filename[len] = '\0';
+				memncpy(&dev->filename, ext, sizeof(dev->filename), len);
 				break;
 			}
 
