RFR: JDK-8259786: initialize last parameter of getpwuid_r

Matthias Baesken mbaesken at openjdk.java.net
Fri Jan 15 14:04:02 UTC 2021 

On Fri, 15 Jan 2021 13:54:15 GMT, Harold Seigel <hseigel at openjdk.org> wrote:

>> We have a couple of calls to getpwuid_r  in the codebase, like 
>> g= getpwuid_r(getuid(), &resbuf, pwd_buf, sizeof(pwd_buf), &pwd);
>> 
>> Usually we NULL-check pwd after the call because we do not fully trust the return code of the function (it is documented in the codebase why we do not fully trust the return code) . However we miss to initialize pwd at some places before the call, which might we a little problematic and should be improved   (at other places we already initialize it).
>> 
>> This triggers also Sonar warnings like :
>> https://sonarcloud.io/project/issues?id=jdk&open=AXaE0dsA8L9hkQskGEbA&resolved=false&types=BUG
>> 
>> 
>> Aside from this issue ,  should we in other issue ,  unify the OS versions of  static char* get_user_name(uid_t uid)    in posix code (currently we have it for bsd, linux, aix  but the functions look very similar ?
>
> Hi Matthias,
> These changes look good, but could you hold off on making these changes until pull request https://github.com/openjdk/jdk/pull/2037, which consolidates the perfMemory_{aix,bsd,linux].cpp files into one perfMemory_posix.cpp file, has been integrated?
> Thanks, Harold

> Hi Matthias,
> These changes look good, but could you hold off on making these changes until pull request #2037, which consolidates the perfMemory_{aix,bsd,linux].cpp files into one perfMemory_posix.cpp file, has been integrated?
> Thanks, Harold

Hi Harold, thanks for reviewing . I will wait until your change is in .
Good to see that  you already started consolidating the perfmem code into posix, my question 

>Aside from this issue , should we in other issue , unify the OS versions of static char* get_user_name(uid_t uid) in posix code 
>(currently we have it for bsd, linux, aix but the functions look very similar ?

was pointing into the same direction but looks like you already started the effort !
Thanks, Matthias

-------------

PR: https://git.openjdk.java.net/jdk/pull/2098

More information about the security-dev mailing list