From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=FSNoG4Ss;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 655785A0008
	for <passt-dev@passt.top>; Fri, 04 Apr 2025 01:35:28 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202502; t=1743723325;
	bh=OZihjebg/vC+/QZOY9fdeL7nfdIg9D/kjcZ0R8sbfjg=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=FSNoG4Ss/cUxcXBRlM4fPMlqNQzuHRjj3V1kh4lERlfJv2vDcw6iFzk5q3iu5weyt
	 IbnWKPwsPh6Dv2EdT0gXo0/oWZ4m3EaYVTTANbuUcB5lHEegzibO1N7oJXbeppYjyD
	 MVNeggLdqjBZ/DL8zMaY/Rx1mlCwMn3327NTM4MtQGA/Zoqc6Jj8Up0GKxUvIYj3Vy
	 u+EVggJBrHPUjM4kMBrZTT2Dza5BRW8xxTWViMv8TTaWdOm2dhiWpFM4RJKVCrqhXo
	 a6y0UHw6jAsp9Q/txmAqn/RncX7Y7X8Go6I7fEA6XIiYJZqj40ryqB23mH3KONGmcW
	 pj/J5OwQL6j5g==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4ZTJ4s49Xtz4x3d; Fri,  4 Apr 2025 10:35:25 +1100 (AEDT)
Date: Fri, 4 Apr 2025 10:34:40 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] passt-repair: Ensure that read buffer is NULL-terminated
Message-ID: <Z-8bEDbVOKlKuLT1@zatzit>
References: <20250403190443.1932107-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="fbZTr1JgKG3eW3sk"
Content-Disposition: inline
In-Reply-To: <20250403190443.1932107-1-sbrivio@redhat.com>
Message-ID-Hash: 67ABVGQJ52PYWGDEF4VHM5XKKLF3I4IW
X-Message-ID-Hash: 67ABVGQJ52PYWGDEF4VHM5XKKLF3I4IW
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Z-8bEDbVOKlKuLT1@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/67ABVGQJ52PYWGDEF4VHM5XKKLF3I4IW/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--fbZTr1JgKG3eW3sk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Apr 03, 2025 at 09:04:43PM +0200, Stefano Brivio wrote:
> After 3d41e4d83895 ("passt-repair: Correct off-by-one error verifying
> name"), Coverity Scan isn't convinced anymore about the fact that the
> ev->name used in the snprintf() is NULL-terminated.

Aww, man :(

> It comes from a read() call, and read() of course doesn't terminate
> it, but we already check that the byte at ev->len - 1 is a NULL
> terminator, so this is actually a false positive.

Indeed.  I'm kind of baffled that it's able to reason it out with the
off-by-one, but not without.

> In any case, the logic ensuring that ev->name is NULL-terminated isn't
> necessarily obvious, and additionally checking that the last byte in
> the buffer we read is a NULL terminator is harmless, so do that
> explicitly, even if it's redundant.
>=20
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Vexing that it's necessary, but

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  passt-repair.c | 1 +
>  1 file changed, 1 insertion(+)
>=20
> diff --git a/passt-repair.c b/passt-repair.c
> index 440c77a..256a8c9 100644
> --- a/passt-repair.c
> +++ b/passt-repair.c
> @@ -137,6 +137,7 @@ int main(int argc, char **argv)
>  				fprintf(stderr, "inotify read: %i", errno);
>  				_exit(1);
>  			}
> +			buf[n - 1] =3D '\0';
> =20
>  			if (n < (ssize_t)sizeof(*ev)) {
>  				fprintf(stderr, "Short inotify read: %zi", n);

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--fbZTr1JgKG3eW3sk
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmfvGw8ACgkQzQJF27ox
2GcM1w/+LDJimjP3KKXsupM3D8pwQNKMM7z3X/hLShmH7TfgWFHCh1TOrkgKa7xW
3qU3m113Td4NnV0RDHDotPtpdkcojCWEwNORRWo+kGJeZYcXxQC7q+6jcyk9b4Ft
Vs0hhl9qARaS+Po5rEGs+wRfpTl0tYY/udqaL0jKKoXOyubjyfysG1MGIu5/HqHW
3FTk+Kx7AwXsMmS8THrVlzxniFjkmuNm90fn23xJIV3+FvNUf9K+V3NnsscxhUAV
ZyEIJ2rBrWB2FlGR+t7+PVAq0d6ldO9IIWmtR2x9iY6IbJzXfBqMyxGQ8KrUPfto
WMqDED2ivynDU86vdcDmPhbv8gxA9dWrTe+OErO0eoshsUNxQsPZDsRPx4fpeETV
gtzSreuzVdGhWmi5LWr26Q1KIklseFSGsgxpbJKiD8Ons+P+RTEaUV6b348s/sZh
jOqfrzgDIh1L2Ct7/8zdwHEGipGaM/meZY2KsmF67qiJctIjaK25qCCVLn4x0iLq
DxjnzXGLauyebFbG6kIIQZCDMo7qXjc0t37+nnuMN3Irms9D2Y3+/w+h9avbI/EW
36AtV5a7D5kDFMKnqxrq44s9/3+iIL426WYCumddEbgWj9ywBVUdP62h8wUk4Qco
EoCvb9QzDa2fIDCc2gHUNAoJAkIYvqRebW1AScJUb8lMNQUJPx0=
=mzHG
-----END PGP SIGNATURE-----

--fbZTr1JgKG3eW3sk--