RFR(xs): (jdk10) 8173828: realpath is unsafe
Thomas Stüfe
thomas.stuefe at gmail.com
Tue Mar 14 11:19:03 UTC 2017
Hi Dmitry,
thank you for the review. These are good points, I addressed them all:
New webrev:
http://cr.openjdk.java.net/~stuefe/webrevs/8173828-realpath-is-unsafe/jdk10-webrev.01/webrev/
Delta to last:
http://cr.openjdk.java.net/~stuefe/webrevs/8173828-realpath-is-unsafe/jdk10-webrev.00-to-01/webrev/
Thanks, Thomas
On Tue, Mar 14, 2017 at 10:00 AM, Dmitry Samersoff <
dmitry.samersoff at oracle.com> wrote:
> Thomas,
>
> os_posix.cpp:
>
> 1121: It might be better to return ENAMETOOLONG
>
> 1131: It might be better to check for
> filename != NULL && outbuf != NULL before any call to realpath
> and return EINVAL for product and assert it for debug build.
>
> 1134: What is the goal of this assert? Do you see this problem?
>
> 1135: If realpath overwrites outbuf, strlen might have unpredictable
> effect.
>
> So it might be better to set last byte of outbuf to 0 before
> call to realpath and check that it is still zero after call
>
> -Dmitry
>
> On 2017-03-14 10:11, Thomas Stüfe wrote:
> > Hi all,
> >
> > may I have reviews for this smallish fix.
> >
> > Issue: https://bugs.openjdk.java.net/browse/JDK-8173828
> > Webrev:
> > http://cr.openjdk.java.net/~stuefe/webrevs/8173828-
> realpath-is-unsafe/jdk10-webrev.00/
> >
> > In short, realpath(3) is unsafe the way it is traditionally used (with a
> > user buffer provided). It is safe if used in the new POSIX.1-2008
> compliant
> > way. To wrap this behavior, I added a new os::Posix::realpath() function
> > which takes a buffer and a buffer size (like a sane API would but the
> > ancient realpath() did not) and moved safe buffer handling into this API.
> >
> > Kind Regards, Thomas
> >
>
>
> --
> Dmitry Samersoff
> Oracle Java development team, Saint Petersburg, Russia
> * I would love to change the world, but they won't give me the sources.
>
More information about the hotspot-runtime-dev
mailing list