Re: git: fc915f1be145 - main - pseudofs: Fix a potential out-of-bounds access in pfs_lookup()
Date: Fri, 23 Jun 2023 18:49:42 UTC
> On Jun 23, 2023, at 8:56 AM, Mark Johnston <markj@FreeBSD.org> wrote: …
>> Naive question: should this be an && conditional or an || conditional?
>
> It should be &&. Using || here would reintroduce the original bug.
> If strncmp(pname, pn->pn_name, namelen) == 0, then
> strlen(pn->pn_name) >= namelen, and pn->pn_name is nul-terminated, so it
> is safe to check pn->pn_name[namelen] == '\0'.
>
>> If the former, could this be simplified by using a direct NUL char equality check instead of using strncmp?
>
> I'm not sure what you mean by this. This code is simply checking
> whether pname and pn->pn_name are the same string, without assuming that
> pname is nul-terminated.

I completely misread the conditional when I sent out my email. After you pointed out the obvious part dealing with namelen, it doesn’t make sense for the conditionals to exist by themselves.

Thanks for the explanation :)!
-Enji
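The comparison discussed in this thread, as an added C example that is not the FreeBSD source and not code from either participant: it matches a length-delimited path component against nul-terminated node names. The names `name_matches`, `find_node` and the `nodes` table are hypothetical, the sample strings are constructed, and the code assumes the component itself contains no nul byte.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample node names; each is nul-terminated. */
static const char *const nodes[] = { "sel", "self", "selfish" };

/*
 * Hypothetical helper: true when the first namelen bytes of pname (which
 * need not be nul-terminated) are exactly the string node_name.
 */
static bool
name_matches(const char *pname, size_t namelen, const char *node_name)
{
	/*
	 * strncmp() stops at node_name's terminator, so it never reads past
	 * it. When it returns 0 (and pname has no nul in its first namelen
	 * bytes), node_name holds at least namelen non-nul bytes, so
	 * node_name[namelen] is in bounds: at worst it is the terminator.
	 * With || the index would also be evaluated after a mismatch, e.g.
	 * for "sel" with namelen 4, one byte past the end of that string.
	 */
	return (strncmp(pname, node_name, namelen) == 0 &&
	    node_name[namelen] == '\0');
}

/* Hypothetical lookup: index of the matching node, or -1 if none. */
static int
find_node(const char *pname, size_t namelen)
{
	for (size_t i = 0; i < sizeof(nodes) / sizeof(nodes[0]); i++)
		if (name_matches(pname, namelen, nodes[i]))
			return ((int)i);
	return (-1);
}

int
main(void)
{
	/* The component is the first 4 bytes of a longer path buffer. */
	const char *path = "self/status";

	printf("component \"%.4s\" -> node index %d\n", path,
	    find_node(path, 4));
	return (0);
}
```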