Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix potentially overflow msg_namelen value in SupervisedSystemd #1891

Merged
merged 1 commit into from
Nov 12, 2023
Merged

Fix potentially overflow msg_namelen value in SupervisedSystemd #1891

merged 1 commit into from
Nov 12, 2023

Conversation

PragmaTwice
Copy link
Member

kvrocks/src/cli/daemon_util.h

Line 75 in 78f87c4

hdr.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(notify_socket);

The value of msg_namelen may cause potentially overflow since notify_socket is not the real truncated one. So we need to use strlen(notify_socket) instead of strlen(su.sun_path).

Besides, some other code has been cleaned up.

@PragmaTwice PragmaTwice requested a review from git-hulk November 11, 2023 14:52
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 11, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot E 1 Security Hotspot
Code Smell A 0 Code Smells

No Coverage information No Coverage information
1.7% 1.7% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

@git-hulk
Copy link
Member

@PragmaTwice Sonar Lint reports hotspot security due to using the stren function in daemon_util.h, but I guess it should be fine since the variable is always set the \0.

@PragmaTwice
Copy link
Member Author

PragmaTwice commented Nov 11, 2023
edited
Loading

@PragmaTwice Sonar Lint reports hotspot security due to using the stren function in daemon_util.h, but I guess it should be fine since the variable is always set the \0.

This strlen is not introduced by me lol.

@git-hulk
Copy link
Member

@PragmaTwice Sonar Lint reports hotspot security due to using the stren function in daemon_util.h, but I guess it should be fine since the variable is always set the \0.

This strlen is not introduced by me lol.

aha, yes i know. What I mean is to ignore this hotspot security report.

@PragmaTwice PragmaTwice merged commit b3a6e94 into apache:unstable Nov 12, 2023
29 of 30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@torwig torwig torwig approved these changes

@git-hulk git-hulk git-hulk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@PragmaTwice @git-hulk @torwig