
RE: [PATCH] xgethostname: handle long hostnames




> -----Original Message-----
> From: Jonathan Nieder [mailto:jrnieder@xxxxxxxxx]
> Sent: Thursday, April 13, 2017 6:05 PM
> To: David Turner <David.Turner@xxxxxxxxxxxx>
> Cc: git@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH] xgethostname: handle long hostnames
> 
> Hi,
> 
> David Turner wrote:
> 
> > If the full hostname doesn't fit in the buffer supplied to
> > gethostname, POSIX does not specify whether the buffer will be
> > null-terminated, so to be safe, we should do it ourselves.
> [...]
> > +++ b/wrapper.c
> > @@ -655,3 +655,16 @@ void sleep_millisec(int millisec)  {
> >  	poll(NULL, 0, millisec);
> >  }
> > +
> > +int xgethostname(char *buf, size_t len) {
> > +	/*
> > +	 * If the full hostname doesn't fit in buf, POSIX does not
> > +	 * specify whether the buffer will be null-terminated, so to
> > +	 * be safe, do it ourselves.
> > +	 */
> > +	int ret = gethostname(buf, len);
> > +	if (!ret)
> > +		buf[len - 1] = 0;
> > +	return ret;
> 
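
Review bot: buf[len - 1] = 0 in xgethostname() wraps around when a caller passes len == 0, because len is a size_t, so the store lands far outside buf. Reject a zero len before calling gethostname(), or state in the comment that len must be at least 1. The comment should also say that a name longer than len - 1 bytes is cut off with no indication to the caller, and that buf is not terminated by this wrapper when gethostname() fails, so callers have to check the return value before reading it.
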
> I wonder if after null-terminating we would want to report this as an error,
> instead of silently using a truncated result.  I.e. something like
> 
> > +	if (!ret)
> > +		buf[len - 1] = 0;
> > +	if (strlen(buf) >= len - 1) {
> > +		errno = ENAMETOOLONG;
> > +		return -1;
> > +	}
>
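
Review bot: the strlen(buf) >= len - 1 check sits outside the if (!ret) guard, so it also runs after gethostname() has failed, when buf may not be terminated; strlen() can then read past the buffer, and the errno set by the failed call is overwritten with ENAMETOOLONG. Return early on a non-zero ret before measuring the string. The comparison also reports a name of exactly len - 1 bytes as too long even though it fits, which deserves a comment saying that this case is deliberately treated as truncation.
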
> (or EINVAL --- either is equally descriptive).

Looking at the users of this function, I think most would be happier with a truncated buffer than an error:
gc.c: used to see if we are the same machine as the machine that locked the repo. Unlikely that two machines have hostnames that differ only in the 256th-or-above character.
fetch-pack.c, receive-pack.c: similar to gc.c; the hostname is a note in the .keep file
Ident.c: used to make up a fake email address. On my laptop, gethostname returns "corey" (no domain part), so the email address is not likely to be valid anyway.

> Also POSIX requires that hostnames are <= 255 bytes.  Maybe we can force the
> buffer to be large enough.

That is not how I read it.  I read the limit as HOST_NAME_MAX, which has a *minimum* value of 255, but which might be larger.

The existing hostname buffers are 128, 256, and 1024 bytes, so they're pretty arbitrary.
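
The trade-off discussed in this thread (silent truncation versus an error, and a buffer sized from HOST_NAME_MAX rather than an arbitrary constant), as an added example that is not part of the thread and is not git's code. The names hostname_checked, hostname_bufsize and stub_long_name are hypothetical, and the stub is a constructed stand-in for a gethostname() that does not terminate a truncated name.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Signature of gethostname(); a parameter so a stub can stand in for it. */
typedef int (*hostname_fn)(char *, size_t);

/*
 * Hypothetical helper (not git's xgethostname): always NUL-terminates on
 * success and reports through *truncated when the name filled the buffer,
 * so each caller can choose between using the prefix and failing.
 */
int hostname_checked(hostname_fn get, char *buf, size_t len, int *truncated)
{
	int ret;

	if (!len) {		/* len - 1 below would wrap around */
		errno = EINVAL;
		return -1;
	}
	ret = get(buf, len);
	if (ret)
		return ret;	/* buf contents are unspecified on failure */
	buf[len - 1] = '\0';
	/* A name of exactly len - 1 bytes is indistinguishable from a cut one. */
	*truncated = strlen(buf) == len - 1;
	return 0;
}

/* Buffer size from the run-time limit, falling back to the POSIX minimum. */
size_t hostname_bufsize(void)
{
	long max = sysconf(_SC_HOST_NAME_MAX);

	return (max < 255 ? 255 : (size_t)max) + 1;
}

/* Constructed stub: a 300-byte name, left unterminated when it is cut. */
int stub_long_name(char *buf, size_t len)
{
	size_t n = len < 300 ? len : 300;

	memset(buf, 'h', n);
	if (n < len)
		buf[n] = '\0';	/* terminate only when the name fits */
	return 0;
}
```

Passing gethostname itself as the first argument, with a buffer of hostname_bufsize() bytes, gives the real lookup; a caller such as the lock check in gc.c could ignore the truncated flag, while one that builds an identity could treat it as an error.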