From da25bdb7766c01665500cf7c7b75e76ea1f28b49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Scharfe?= Date: Tue, 18 Apr 2017 17:57:42 -0400 Subject: [PATCH 1/2] use HOST_NAME_MAX to size buffers for gethostname(2) POSIX limits the length of host names to HOST_NAME_MAX. Export the fallback definition from daemon.c and use this constant to make all buffers used with gethostname(2) big enough for any possible result and a terminating NUL. Inspired-by: David Turner Signed-off-by: Rene Scharfe Signed-off-by: David Turner Reviewed-by: Jonathan Nieder Signed-off-by: Junio C Hamano --- builtin/gc.c | 10 +++++++--- builtin/receive-pack.c | 2 +- daemon.c | 4 ---- fetch-pack.c | 2 +- git-compat-util.h | 4 ++++ ident.c | 2 +- 6 files changed, 14 insertions(+), 10 deletions(-) diff --git a/builtin/gc.c b/builtin/gc.c index 069950d0b4..5befd518fd 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -220,7 +220,7 @@ static int need_to_gc(void) static const char *lock_repo_for_gc(int force, pid_t* ret_pid) { static struct lock_file lock; - char my_host[128]; + char my_host[HOST_NAME_MAX + 1]; struct strbuf sb = STRBUF_INIT; struct stat st; uintmax_t pid; @@ -239,8 +239,12 @@ static const char *lock_repo_for_gc(int force, pid_t* ret_pid) fd = hold_lock_file_for_update(&lock, pidfile_path, LOCK_DIE_ON_ERROR); if (!force) { - static char locking_host[128]; + static char locking_host[HOST_NAME_MAX + 1]; + static char *scan_fmt; int should_exit; + + if (!scan_fmt) + scan_fmt = xstrfmt("%s %%%dc", "%"SCNuMAX, HOST_NAME_MAX); fp = fopen(pidfile_path, "r"); memset(locking_host, 0, sizeof(locking_host)); should_exit = @@ -256,7 +260,7 @@ static const char *lock_repo_for_gc(int force, pid_t* ret_pid) * running. */ time(NULL) - st.st_mtime <= 12 * 3600 && - fscanf(fp, "%"SCNuMAX" %127c", &pid, locking_host) == 2 && + fscanf(fp, scan_fmt, &pid, locking_host) == 2 && /* be gentle to concurrent "gc" on remote hosts */ (strcmp(locking_host, my_host) || !kill(pid, 0) || errno == EPERM); if (fp != NULL) diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index 011db00d31..3ca8ebe0e1 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -1655,7 +1655,7 @@ static const char *unpack(int err_fd, struct shallow_info *si) if (status) return "unpack-objects abnormal exit"; } else { - char hostname[256]; + char hostname[HOST_NAME_MAX + 1]; argv_array_pushl(&child.args, "index-pack", "--stdin", hdr_arg, NULL); diff --git a/daemon.c b/daemon.c index ff0fa583b0..10cbc0fa58 100644 --- a/daemon.c +++ b/daemon.c @@ -4,10 +4,6 @@ #include "strbuf.h" #include "string-list.h" -#ifndef HOST_NAME_MAX -#define HOST_NAME_MAX 256 -#endif - #ifdef NO_INITGROUPS #define initgroups(x, y) (0) /* nothing */ #endif diff --git a/fetch-pack.c b/fetch-pack.c index 413937e740..a75ed6c940 100644 --- a/fetch-pack.c +++ b/fetch-pack.c @@ -745,7 +745,7 @@ static int get_pack(struct fetch_pack_args *args, if (args->use_thin_pack) argv_array_push(&cmd.args, "--fix-thin"); if (args->lock_pack || unpack_limit) { - char hostname[256]; + char hostname[HOST_NAME_MAX + 1]; if (gethostname(hostname, sizeof(hostname))) xsnprintf(hostname, sizeof(hostname), "localhost"); argv_array_pushf(&cmd.args, diff --git a/git-compat-util.h b/git-compat-util.h index d89a78616b..1f1e82407e 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -878,6 +878,10 @@ static inline size_t xsize_t(off_t len) __attribute__((format (printf, 3, 4))) extern int xsnprintf(char *dst, size_t max, const char *fmt, ...); +#ifndef HOST_NAME_MAX +#define HOST_NAME_MAX 256 +#endif + /* in ctype.c, for kwset users */ extern const unsigned char tolower_trans_tbl[256]; diff --git a/ident.c b/ident.c index d17b5bd341..8ec0f25987 100644 --- a/ident.c +++ b/ident.c @@ -120,7 +120,7 @@ static int canonical_name(const char *host, struct strbuf *out) static void add_domainname(struct strbuf *out, int *is_bogus) { - char buf[1024]; + char buf[HOST_NAME_MAX + 1]; if (gethostname(buf, sizeof(buf))) { warning_errno("cannot get host name"); From 5781a9a2703e96b01587bb95ceebcc53f2cee91c Mon Sep 17 00:00:00 2001 From: David Turner Date: Tue, 18 Apr 2017 17:57:43 -0400 Subject: [PATCH 2/2] xgethostname: handle long hostnames If the full hostname doesn't fit in the buffer supplied to gethostname, POSIX does not specify whether the buffer will be null-terminated, so to be safe, we should do it ourselves. Introduce new function, xgethostname, which ensures that there is always a \0 at the end of the buffer. Signed-off-by: David Turner Signed-off-by: Junio C Hamano --- builtin/gc.c | 2 +- builtin/receive-pack.c | 2 +- fetch-pack.c | 2 +- git-compat-util.h | 2 ++ ident.c | 2 +- wrapper.c | 13 +++++++++++++ 6 files changed, 19 insertions(+), 4 deletions(-) diff --git a/builtin/gc.c b/builtin/gc.c index 5befd518fd..4f85610d87 100644 --- a/builtin/gc.c +++ b/builtin/gc.c @@ -232,7 +232,7 @@ static const char *lock_repo_for_gc(int force, pid_t* ret_pid) /* already locked */ return NULL; - if (gethostname(my_host, sizeof(my_host))) + if (xgethostname(my_host, sizeof(my_host))) xsnprintf(my_host, sizeof(my_host), "unknown"); pidfile_path = git_pathdup("gc.pid"); diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index 3ca8ebe0e1..eee5faaa24 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -1660,7 +1660,7 @@ static const char *unpack(int err_fd, struct shallow_info *si) argv_array_pushl(&child.args, "index-pack", "--stdin", hdr_arg, NULL); - if (gethostname(hostname, sizeof(hostname))) + if (xgethostname(hostname, sizeof(hostname))) xsnprintf(hostname, sizeof(hostname), "localhost"); argv_array_pushf(&child.args, "--keep=receive-pack %"PRIuMAX" on %s", diff --git a/fetch-pack.c b/fetch-pack.c index a75ed6c940..f43adfe7b5 100644 --- a/fetch-pack.c +++ b/fetch-pack.c @@ -746,7 +746,7 @@ static int get_pack(struct fetch_pack_args *args, argv_array_push(&cmd.args, "--fix-thin"); if (args->lock_pack || unpack_limit) { char hostname[HOST_NAME_MAX + 1]; - if (gethostname(hostname, sizeof(hostname))) + if (xgethostname(hostname, sizeof(hostname))) xsnprintf(hostname, sizeof(hostname), "localhost"); argv_array_pushf(&cmd.args, "--keep=fetch-pack %"PRIuMAX " on %s", diff --git a/git-compat-util.h b/git-compat-util.h index 1f1e82407e..b8c4c8d638 100644 --- a/git-compat-util.h +++ b/git-compat-util.h @@ -882,6 +882,8 @@ extern int xsnprintf(char *dst, size_t max, const char *fmt, ...); #define HOST_NAME_MAX 256 #endif +extern int xgethostname(char *buf, size_t len); + /* in ctype.c, for kwset users */ extern const unsigned char tolower_trans_tbl[256]; diff --git a/ident.c b/ident.c index 8ec0f25987..7e386a48fa 100644 --- a/ident.c +++ b/ident.c @@ -122,7 +122,7 @@ static void add_domainname(struct strbuf *out, int *is_bogus) { char buf[HOST_NAME_MAX + 1]; - if (gethostname(buf, sizeof(buf))) { + if (xgethostname(buf, sizeof(buf))) { warning_errno("cannot get host name"); strbuf_addstr(out, "(none)"); *is_bogus = 1; diff --git a/wrapper.c b/wrapper.c index e7f1979968..64ebd6c690 100644 --- a/wrapper.c +++ b/wrapper.c @@ -679,3 +679,16 @@ void sleep_millisec(int millisec) { poll(NULL, 0, millisec); } + +int xgethostname(char *buf, size_t len) +{ + /* + * If the full hostname doesn't fit in buf, POSIX does not + * specify whether the buffer will be null-terminated, so to + * be safe, do it ourselves. + */ + int ret = gethostname(buf, len); + if (!ret) + buf[len - 1] = 0; + return ret; +}