> -----Original Message-----
> From: Jonathan Nieder [mailto:jrnieder@xxxxxxxxx]
> Sent: Thursday, April 13, 2017 6:05 PM
> To: David Turner <David.Turner@xxxxxxxxxxxx>
> Cc: git@xxxxxxxxxxxxxxx
> Subject: Re: [PATCH] xgethostname: handle long hostnames
>
> Hi,
>
> David Turner wrote:
>
> > If the full hostname doesn't fit in the buffer supplied to
> > gethostname, POSIX does not specify whether the buffer will be
> > null-terminated, so to be safe, we should do it ourselves.
> [...]
> > +++ b/wrapper.c
> > @@ -655,3 +655,16 @@ void sleep_millisec(int millisec) {
> > poll(NULL, 0, millisec);
> > }
> > +
> > +int xgethostname(char *buf, size_t len) {
> > + /*
> > + * If the full hostname doesn't fit in buf, POSIX does not
> > + * specify whether the buffer will be null-terminated, so to
> > + * be safe, do it ourselves.
> > + */
> > + int ret = gethostname(buf, len);
> > + if (!ret)
> > + buf[len - 1] = 0;
> > + return ret;
>
> I wonder if after null-terminating we would want to report this as an error,
> instead of silently using a truncated result. I.e. something like
>
> > + if (!ret)
> > + buf[len - 1] = 0;
> > + if (strlen(buf) >= len - 1) {
> > + errno = ENAMETOOLONG;
> > + return -1;
> > + }
>
> (or EINVAL --- either is equally descriptive).

Looking at the users of this function, I think most would be happier with a truncated buffer than an error:

gc.c: used to see if we are the same machine as the machine that locked the repo. Unlikely that two machines have hostnames that differ only in the 256th-or-above character.

fetch-pack.c, receive-pack.c: similar to gc.c; the hostname is a note in the .keep file.

Ident.c: used to make up a fake email address. On my laptop, gethostname returns "corey" (no domain part), so the email address is not likely to be valid anyway.

> Also POSIX requires that hostnames are <= 255 bytes. Maybe we can force the
> buffer to be large enough.

That is not how I read it. I read the limit as HOST_NAME_MAX, which has a *minimum* value of 255, but which might be larger.

The existing hostname buffers are 128, 256, and 1024 bytes, so they're pretty arbitrary.
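
Review bot: in the quoted xgethostname() hunk, the store `buf[len - 1] = 0;` has no guard for len == 0. Because len is a size_t, len - 1 wraps to the largest size_t value, so if gethostname() returns 0 for a zero-length buffer the write lands far outside buf. Rejecting len == 0 before the gethostname() call would close that off, and the comment above the call could state that callers must pass the full size of buf.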
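
Review bot: in the suggested follow-up lines, `if (strlen(buf) >= len - 1)` is not nested under `if (!ret)`, so it also runs when gethostname() has failed. On that path the terminating store above it was skipped, strlen() may read past the end of buf, and the errno set by gethostname() is overwritten with ENAMETOOLONG. Moving the length check into the success branch avoids both. As written, the check also reports a hostname of exactly len - 1 bytes as too long, since a name that fills the buffer cannot be told apart from a truncated one; that is worth a line in the comment.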
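
The buffer-sizing question that closes the thread, as an added example (not part of the patch and not git's code): the hypothetical helpers hostname_checked() and hostname_alloc() size the buffer from sysconf(_SC_HOST_NAME_MAX) and tell the caller when a name may have been cut instead of hiding it. The fallback of 255 is an assumption taken from the figure discussed in the thread.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* expose gethostname() under strict -std= */
#endif
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not git's xgethostname): terminate the buffer
 * ourselves and report whether the name may have been truncated. */
int hostname_checked(char *buf, size_t len, int *truncated)
{
    if (!buf || !truncated || len == 0) {  /* len - 1 would wrap for 0 */
        errno = EINVAL;
        return -1;
    }
    if (gethostname(buf, len) != 0)
        return -1;  /* some libcs fail with ENAMETOOLONG rather than truncate */
    buf[len - 1] = '\0';  /* POSIX leaves termination unspecified on truncation */
    /* A name that exactly fills the buffer is indistinguishable from a cut one. */
    *truncated = (strlen(buf) == len - 1);
    return 0;
}

/* Hypothetical helper: ask the system for its limit at run time instead of
 * picking 128, 256 or 1024. Returns a malloc'd name, or NULL on failure. */
char *hostname_alloc(void)
{
    long max = sysconf(_SC_HOST_NAME_MAX);
    int truncated = 0;
    size_t len;
    char *buf;

    if (max < 1)
        max = 255;  /* assumption: limit indeterminate, use the thread's figure */
    len = (size_t)max + 2;  /* +1 for the NUL, +1 so a full-length name is not flagged */
    buf = malloc(len);
    if (!buf)
        return NULL;
    if (hostname_checked(buf, len, &truncated) != 0 || truncated) {
        free(buf);
        return NULL;
    }
    return buf;
}
```

Callers that only compare or log the name, like the ones listed in the reply above, can call hostname_checked() with a fixed buffer and ignore the truncated flag.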